palomar pomerado health · 2011. 3. 17. · internal auditing & ccm - committee education . 2011...
TRANSCRIPT
-
Palomar Pomerado Health
Audit and Compliance Board Committee
Agenda
PPH Grand Office Bldg Thursday, March 17, 2011 456 E. Grand, Escondido 5:15 – 6:45 P.M. Conference Room — 1st floor
Call to Order Public Comments Item Presenter Page Mins
1.
2.
3.
4.
5.
6.
7.
* Meeting Minutes – February 17, 2011 * Review External Audit Engagement - Deloitte Internal Auditing & CCM - Committee Education 2011 Audit Plan External Audit Engagement
* Date/Time/Location of Next Meeting – April 21, 2011 Adjournment
T. Kleiter
M. Kawauchi
T. Boyle
T. Kleiter
T. Boyle
T. Kleiter
T. Kleiter
2-4
N/A
5-24
25-35
36-39
N/A
N/A
5
20
30
15
15
5
5
Nancy Bassett, R.N, Chairman Michael Covert, CEO John Lilley, M.D. Ted Kleiter, Director Janine Sarti, General Counsel Lachlan Macleay, M.D. Bruce Krider, Director Bob Hemker, CFO Linda Greer, R.N., Director (Alternate) Tom Boyle, District Audit Officer Marty Knutson, Corporate Compliance Officer Pernell Jones, Admin Fellow
*NOTE: Asterisks indicate anticipated action; action is not limited to those designated items. “In observance of the ADA, Americans with Disabilities Act, please notify us at (858) 675-5230,
forty-eight hours prior to meeting so that we may provide reasonable accommodations”.
-
Palomar Pomerado Health AUDIT & COMPLIANCE
BOARD COMMITTEE MEETING 456 E. Grand Ave.
1st Floor Conference Room February 17, 2011
AGENDA ITEM/
PRESENTER DISCUSSION CONCLUSIONS/ACTION
CALL TO ORDER 5:15 P.M. by Director Bassett. Present: Directors Kleiter and Krider Also attending: Michael Covert, Bob Hemker, Tom Boyle, Marty Knutson, Janine Sarti, John Lilley, M.D., and Lanissa Weddington
NOTICE OF MEETING Notice of Meeting was posted consistent with legal requirements.
PUBLIC COMMENTS There were no members of the public present.
APPROVAL OF MINUTES January 20, 2011
MOTION: by Director Kleiter, 2nd by Director Bassett and carried to approve the minutes of January 20, 2011 as submitted. All in favor. None opposed.
COMPLIANCE AND ETHICS COMMITTEE REPORT
Mr. Hemker reported on the Compliance and Ethics activity for the months of January and February. The full reports were included in the packet for the committee’s review. Mr. Hemker noted that the Code of Conduct was approved by the POM MEC and went to the Board for adoption on February 14, 2011.
2
-
AGENDA ITEM/ PRESENTER
DISCUSSION CONCLUSIONS/ACTION
He also informed the committee PPH will be facilitating HCPro's Medicare Bootcamp at PPH in May. Mr. Hemker reported that the committee has heavy involvement with executive leadership, has good attendance and is meeting expectations. There are approximately 14 members with both clinical and business representation.
COMPLIANCE HOTLINE ACTIVITY REPORT
Ms. Knutson presented the quarterly compliance hotline activity report for the months of October – December 2010. The report included allegation types, detail on actual calls and web submissions received and a monthly comparison of page views on the Compliance Intra and Internet sites. The full report was included in the packet.
COMPLIANCE AND ETHICS PLAN
The committee reviewed the draft Compliance and Ethics Plan. The plan will replace the Compliance Program Policy. The Compliance and Ethics Plan will meet the Federal Sentencing Guidelines for Organizations and Compliance Plan requirements from the Office of the Inspector General (OIG). Ms. Knutson addressed seven elements the Federal Government established for compliance and ethics plans. The seven elements are: (1) respond to offenses and prevent repetition, (2) assign specific responsibilities to individuals, (3) establish standards and procedures, (4) use due care in choosing and retaining those with discretionary authority, (5) methods to communicate standards and procedures, (6) check performance against standards in various ways, and (7) consistent enforcement of standards (discipline and incentives). Ms. Knutson also discussed the Board’s role with regard to the Compliance and Ethics Plan. The Board’s role is (1) to be knowledgeable about the content and operation of the compliance and ethics program, and (2) exercise “reasonable oversight” about its implementation and effectiveness.
MOTION: by Director Krider, 2nd by Director Kleiter and carried to approve the Compliance and Ethics Plan.
3
http://www.google.com/url?sa=t&source=web&cd=1&sqi=2&ved=0CBwQFjAA&url=http%3A%2F%2Fwww.hcprobootcamps.com%2F&ei=UBNcTdfnLIO8sAO9luSRCg&usg=AFQjCNEE0nZLj8-igXrxESD39mr5LJfGpg
-
February 17, 2011 Audit and Compliance Board Meeting Minutes Page 3 of 3
AGENDA ITEM/ PRESENTER
DISCUSSION CONCLUSIONS/ACTION
CODE OF CONDUCT – ROLL OUT PLAN
Ms. Knutson gave a status update on the Code of Conduct. Employees, Medical Staff and Volunteers will be receiving a letter with the Code of Conduct in the mail. Employees and volunteers will have until April 30, 2011 to commit to the Code. Medical Staff will commit to the Code at the time the time of staff appointment. The web address to the compliance hotline was changed to www.speakingupatpph.net. A “what the Code of Conduct means to you” contest will be announced in April. The winner will have a lunch with Mr. Covert.
CLOSED SESSION The committee recessed into closed session. OPEN SESSION & ADJOURNMENT
The committee reconvened into open session for adjournment at 8:00 P.M.
Director Bassett moved to adjourn.
DATE/TIME & LOCATION OF NEXT MEETING
The next meeting of the Internal Audit and Compliance Committee is tentatively scheduled to be held on Thursday, March 17, 2011 at 5:15 p.m. in the 456 E. Grand Conference Room.
SIGNATURES Committee
Chairperson
Secretary to
Committee
________________________
[Nancy Bassett, R.N., M.B.A.] ________________________
[Lanissa Weddington]
4
http://www.speakingupatpph.net/
-
ContinuousMonitoring
InternalAuditing
Palomar Pomerado HealthAudit and Compliance Committee
March 17, 2011
Committee Education Session
And
5
-
Agenda
1. What is Internal Auditing
2. What is Continuous Monitoring/Auditing
3. Why Audit Automation is Essential
4. Audit Automation at PPH
5. Summary
6
-
“Internal Auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness
of risk management, control, and governance processes.”
WHAT IS INTERNAL AUDITING ?
- The Institute of Internal Auditors 7
-
Limitations of Traditional Audits
• Analysis frequently occurs long after transaction has taken place– Too late for action
• Lack of timely identification of control risks and deficiencies
• Problems escalate - risks increase
The Solution Independently test all transactions at, or
soon after, point at which they occur 8
-
“A method used to automatically perform control and risk assessments on a
more frequent basis”
-The IIA Global TechnologyAudit Guide
WHAT IS CONTINUOUS AUDITING ?
In other words, automated processes to ensure that procedures and operations are effective to ensure that the direction
of management and the Board are being carried out as planned.
9
-
-The IIA Global TechnologyAudit Guide
WHAT IS CONTINUOUS AUDITING ?
“Continuous auditing changes the audit paradigm from periodic reviews of a
sample of transactions to ongoing audit testing of 100 percent of transactions.
It becomes an integral part of modern auditing at many levels.”
10
-
“The role of internal audit needs to be considered
throughout the continuous audit cycle…In some cases,
the active participation of internal audit would be necessary to make the
continuous audit feasible...”AICPA;Continuous
Auditing research report, ©1999
WHAT IS CONTINUOUS AUDITING ?
11
-
• A growing trend where key business processes are reviewed for effectiveness and compliance on a regular and timely basis
• A means to reduce business risk and increase operational efficiency
• Reviewed by an independent audit function to validate results and integrate controls and processes
WHAT IS CONTINUOUS MONITORING ?
12
-
WHAT IS CONTINUOUS MONITORING ?
•Allows management to monitor their own controls in their responsibility to meet organizational objectives
•Focus on analysis of results and correcting problems rather than gathering data.
13
-
Auditor’s Role in Continuous Monitoring
• Validation of Continuous Monitoring (CM) tests– Design– Processing
• Control of the Continuous Auditing process– Change controls– Totals reconciliations– Audit trails
• Security over access to the CM system• Security over changes to tests and test parameters • Processing audit trail• Follow up procedures – response to control deficiencies
detected14
-
“(management and auditing) processes must change radically so that they better use technology to check all of the financial (and related) data, all the time, to continuously search for anomalies and other indicators of controls problems or of outright fraud and abuse”
Sarbanes-Oxley Compliance Journal- Feb 9 2005; CONTINUOUS FINANCIAL CONTROLS REVIEW PROCESSES
By Grady E Means and J Donald Warren, Jr PhD, CPA.
Auditor’s Role in Continuous Monitoring
15
-
CONTINUOUS MONITORING Vs CONTINOUS AUDITING
• Continuous Monitoring is targeted to management
• Continuous Auditing is targeted to auditors
16
-
MONITORING INTERNAL CONTROLS
Management Involvement
Audit Effort
Less
More Monitoring
More Work
Less Work
Inverse relationship: the greater the role of management, the less
of a direct role of internal audit
17
-
•Timely discovery of fraud, waste, abuse Identify issues and risks when they occur, not months/years later
•Identification of control deficiencies
•Examination of consistency of processes
•Expanded audit coverage
•Shorter audit cycle
BENEFITS OF AUDIT AUTOMATION(Continued)
18
-
•Reduced audit staff time, costs
•Increased ability to mitigate risk
•Increased confidence in financial results
•Reduce financial errors - potential for fraud
•Eliminate recurring control assessments
•Sustainable, integrated control system
BENEFITS OF AUDIT AUTOMATION(Continued)
19
-
• Proactive – Not Reactive Approach– Identify, quantify, remediate
• Cost Savings– Automate manual tasks
– Reduce waste, misuse, fraud
• Management Confidence– Assurance that controls are working
• Regulatory Compliance– Demonstrable and auditable
BENEFITS OF AUDIT AUTOMATION(Continued)
20
-
Allows auditors to:• Build customized analytics to test key controls• Run tests automatically on a regular basis• Identify and quantify exceptions and anomalies• Embed best-practice control rules and
parameters• Provide easy, secure access
BENEFITS OF AUDIT AUTOMATION(Continued)
21
-
Allows auditors to:• Efficiently investigate abnormal results and
suspicious transaction• Trend and analyze historical results• Transfer knowledge of auditing, monitoring to
management/staff• Create a positive organizational culture change
BENEFITS OF AUDIT AUTOMATION(Continued)
22
-
Continuous Controls Monitoring Continuous Controls Monitoring
Clinical Utilization
Lab & Rad
Case Management
Complex Cases
Daily Unit Discharges
Medicare INPs & OBS
Compliance Excluded Providers
Finance Discount Pricing
Price Differences
Duplicate Invoices
Department Expenditures
Unclaimed Refunds
Managed Care Contract Performance
Internal Audit
Information Security
Process Automation
AX Admin
Audit Analysis
Process Admin
PFS PFS Dashboard
Performance Excellence
Daily Census
23
-
CERNER
AVEGA
LAWSON
Data Definitions
Standard Tests
Analytical Results
Auditors & Dept Specialists
Establishes data access protocols
Creates/distributes standard tests
Ensures data integrity
Analytical Results
Automated Data AcquisitionReview/Monitor test results
Department Managersand other users
Perform Ad Hoc Analysis
DATA
DATA
DATA
EBCDC
ASCII
PDF
Print Image
Flat Files
Delimited
Informatica ETL
Efficient Data Access
ODBC
DBF
CSV
Excel
Access
Up-to-date results
Customize needs
EDUCATION SESSION
HOW ACL WORKS !
24
-
Palomar Pomerado HealthInternal Audit
Report to The Audit and Compliance Committee
March 17, 2011 25
-
Arch Partners
PMC West
Palomar Medical Center
Pomerado Hospital PCCC
Escondido Surgery Center
Villa Pomerado
Internal Audit Department Universe
26
-
Internal Audit Process
27
-
Notification
Steps to Perform during an AuditSteps to Perform during an Audit
Planning
CommunicatingResults
Fieldwork
Access to Information
Entrance Meeting
Draft Report
Exit Meeting
Final Draft
Final Report Issued
Advance notice is provided to key stakeholders who may include Department Directors and their Executive Management Team (“EMT”) sponsor, vendors, or PPH affiliates. This is typically in the
form of an “Engagement Letter”
for formal audits. In situations, where fraud or illegal activities are suspected, some projects may have little or no notice.
For new projects, this phase includes gathering preliminary background information, developing audit approach and developing audit programs. For ongoing activities, such as long-term construction activities, planning has been established globally but specific review or adjustment of audit scope may be warranted to reflect the particular uniqueness or relevance to the auditee or trade.
An entrance conference is usually held to discuss the purpose, procedures, goals, schedule, scope, timing of the audit and any issues that management may have related to the audit. This dialogue may be conducted along with the presentation of the engagement letter. Attendees will include the relevant stakeholders, which may be vendor representatives: EMT executive or designee, department director, department manager and key personnel as appropriate.
The auditors may request documentation from auditee management prior to beginning or during fieldwork. Such items include: organizational charts, contact information, financial records, transaction files, access to data, policy and procedures, contracts, etc.
This phase is what is typically thought of as the audit work. During this phase, the auditor(s) may perform work both on and off site
IAS discusses all observations with the auditee management before fieldwork is completed. Auditees are given draft findings to review before the formal audit report is issued.
After completing fieldwork and validating findings and observations with auditee management, the auditors will develop a draft report.
Closing conferences are held for each audit engagement to clarify and validate findings and resolve any concerns the auditees
may have about the audit report. Comments regarding the audit and observations noted in the draft report will be discussed at this meeting. Attendees are typically those who also attended the entrance conference.
After the exit conference the final draft is issued to management. We typically request that management write responses to recommendation
made in the report. Management is typically given two weeks to submit written responses to audit findings and recommendations.
A final report, including management responses, is presented to the management of the areas, along with other appropriate stakeholders or EMT members, and to the Audit and Compliance Committee.
28
-
Continuous Controls
Monitoring15%
Operational22%
Compliance13%
Financial26%
Fraud16%
Information Technology
6%
Clinical2%
Financial Audits: Independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data.
Information Systems (IS) Audit:Reviewing a data center, an operating system, a security software tool, or processes and procedures (such as the procedure for controlling production program changes).
Clinical Audit: A quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change.
Compliance Audit: Is a comprehensive review of an organization's adherence to regulatory guidelines
Fraud Audit: preventive measure to reduce business risk.
Operational Audit: Policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.
Continuous Control Monitoring( CCM): Is the process and technology used to detect compliance and risk issues associated with an organizations financial and operational environment.
TYPES OF AUDITS
Continuous Controls
Monitoring15%
Operational22%
Compliance13%
Financial26%
Fraud16%
Information Technology
6%
Clinical2%
TYPES OF AUDITS
29
-
Audit Project
Con
tinuo
us
Con
trol
s M
onito
ring
Ope
ratio
nal
Com
plia
nce
Fina
ncia
l
Frau
d
Info
rmat
ion
Tech
nolo
gy
Clin
ical
Description of Scope and Objectives*
Case Management x x x IAS assists to reduce the risk of unfavorable RAC findings by obtaining the following reports, in compliance with Medicare regulations: Identify Inpatient Outpatient Status x x x Perform daily review of Medicare inpatients and observations.Complex Cases x x x Perform weekly review of unfunded complex cases.Daily Unit Discharges x x x Perform daily review of discharged Medicare patients as part of the Important Message (IM) procedure.
Clinical Utilization x x x IAS performs monthly trend review of numbers and charges of Lab and Rad tests for ICU patients in support of costs reduction.Compliance x x x IAS performs monthly review of excluded providers from OIG and GSA. Additionally, PECOS will be included in this review in the near future.Finance x x x x IAS assists the Accounts Payable department to identify the following:
Duplicate Invoice Test x x x x Obtain a monthly report of possible duplicate invoices to eliminate/recoup duplicate payments.Identify Discounts not taken x x x x Obtain a monthly report of missed price discounts.Identify Price/Payment Variance x x x x Obtain a monthly report of significant price differences between purchase orders and invoices to assist in process improvement and reduce payments.Identify Vendor Pricing Difference x x x x Obtain a monthly report of price differences between vendors in support of obtaining lower pricing.Report Monthly Expenditures by Dept x x x x Obtain a weekly generation of expenditures report for all departments.Report of Unclaimed Refunds x x x x Obtain a monthly acquisition of last date of payment for unclaimed refunds.
Managed Care x x x IAS obtains a weekly report of contract performance to identify shifts in utilization which can be addressed when negotiating the future contracts.
Internal Audit x x x xIAS obtains a monthly review of the list of recipients of CCM reports which contain HIPAA sensitive information. This review checks to see if recipients have changed departments, positions, or left PPH so that their continued access to these reports can be adjusted appropriately.
Process Improvement via Automation x x IAS has provided assistance in automating manual processes to free up limited resources for more important tasksPatient Financial Services x x x IAS performs a weekly generation of baseline PFS dashboard.Performance Excellence x x IAS obtains a daily update of PPH facilities census.Follow-up of CCM projects x IAS will perform a follow-up investigation on currently functioning CCM projects.
Established Continuous Monitoring Controls
*NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders. 30
-
Audit Project
Con
tinuo
us
Con
trol
s M
onito
ring
Ope
ratio
nal
Com
plia
nce
Fina
ncia
l
Frau
d
Info
rmat
ion
Tech
nolo
gy
Clin
ical
Description of Scope and Objectives*
External Auditors x Assist Deloitte with annual financial audit.Facilitate RFP/RFQ for Financial Audit x Coordinate a Request for Qualifications/Proposals for Independent Financial Audit
Perform/Coordinate Quality Assessment x Perform an Internal Quality Assessment Review for the Internal Audit Services departmentRisk Assessment x x x x x x x Continue to evaluate emerging and ongoing organizational risksReview of Executive Reimbursements x x x Determine if EMT reimbursements were made in compliance with PPH policies and procedures Emergency Projects/Special Requests x x x x x x x Internal Audit responds to unplanned events, projects and requests which take priority over projects identified in the audit plan. Cerner Contract Mgmt x x Ensure services and payments are in compliance with contract specificRAC x x Preparedness and managementStark legislation compliance x Continued support of STARK regularities with legal and compliance Clinical Documentation Initiative x x Validation of the initiative and report processMedical Staff Credentialing/Licensure x x x Ensure appropriate credentialing and licensing process is in placePerioperative Services/Surgery x x Evaluate controls related to billing and reporting of key proceduresInformation Systems x x Assist in the increased use and monitoring of Automated Controls Bio-Medical maintenance x x x Accuracy of device inventory
Charge Master Review x x Assist / coordinate independent review : Ensure that the organization maintains and updates the chargemaster (CDM) in order to report accurate, timely charges to payers.
Independent Coding Review x x x Assist / coordinate independent review: Evaluate both simple and complex coding errors that affect diagnosis-related group (DRG) assignment.Facilities Management x x Evaluate the practices related to capital leases
Payroll Processing x x xPerform payroll audit and develop CCM tools: Evaluate the internal and business environment surrounding payroll, to ensure that internal controls are in place and operating effectively and efficiently.
Pharmacy x x Follow up of action plan from previous audit recommendationsInformation Security x x x HIPAA phase 3
Planned Projects - (with current resources)
*NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders. 31
-
Palomar Pomerado Health Internal Audit
Construction Audit Plan 2011- 2012
Con
trac
tual
ly
Req
uire
d Pe
riodi
c A
udits
Ope
ratio
nal
Com
plia
nce
Fina
ncia
l
Frau
d
Info
rmat
ion
Tech
nolo
gy
General Scope and Objectives
Berg Electric x x x x Electrical Contractor - Cost Reimbursable with Risk and Incentive based on Target Price. 25% of Savings between Actual Cost of Work and Target PriceDPR Construction x x x x Drywall Contractor - GMP with Risk and Incentive. 25% of Savings in GMP
University Mechanical & Eng. Contractors x x x x Mechanical & Plumbing Contractor - Cost plus Fee with Risk and Incentive based on Target Price. 25% of Savings between Actual Cost of Work and Target Price
Best Interiors x x x Exterior Framing Contractor - GMP with Risk and Incentive. 25% of Savings in GMPCo-Architects x x x Primary Architects - Fee for Service DPR - Construction Management x x x x x Construction Manager - Review compliance to contractual obligations Pinnick x x x Earthwork Contractor - Lump Sum ContractTrade Contractors x x x Various Trade Contractors - Contract-based audits mostly Lump SumOwners Construction Ins. Program (OCIP) x x x x Confirm proper accounting for mandatory insurance program for all Trade Contractors
Change Order Process x x x x x Assess the appropriateness and controls in the change order process maintained by the Construction Manager, DPR.
Retention x x x x Verify the accuracy and appropriateness of Retention held in escrow for most of the Trades ContractorsRisk Assessment x x x x x x Continue to evaluate emerging and ongoing construction risks
Ongoing Operational Projects
Planned Projects
NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.
32
-
Audit Project
Con
tinuo
us
Con
trol
s M
onito
ring
Ope
ratio
nal
Com
plia
nce
Fina
ncia
l
Frau
d
Info
rmat
ion
Tech
nolo
gy
Clin
ical
Description of Scope and Objectives*
Compensation/Benefits x x x Evaluate controls related to compensation and benefits administration.Escondido Surgery Center x x Verify the appropriateness of coding and billingTechnology acquisitions x x x Analyze the process for the acquisition of new technology.Home Health Services x x Verify the appropriateness of coding and billingRady's Contract x x Ensure services and payments are in compliance with contract specific for labor and delivery processPhysician Relations Analyze the procedures defined for the administration and relations with physicians.
Finance x x x x Month End Close/GL/CCMMarketing – limited scope x x Carry-over from prior year; evaluate the effectiveness of focused marketingWelcome Home Baby Grant x x x Evaluate compliance to grant requirements Balance Scorecard x Determine the effectiveness of metrics defined by business units
Supply Chain Services x xPerform audit and develop CCM tools: Evaluate the internal and business environment surrounding payroll, to ensure that internal controls are in place and operating effectively and efficiently.
Pharmacy x x Charge management – pricing, trackingEvaluate hiring practices and retention of key personnel x Evaluate practices of hiring staff Vs. use of temps and consulting for cost effectivenessKey Business Applications x Evaluate the process for selection/acquisition of business applicationsLaboratory x x x Evaluate appropriateness of E&M Coding; Verify compliance with coding rules, payer requirements, and information flow for laboratory servicesSkilled Nursing Facilities x x x x Evaluate controls for services provided on resident's behalf, use of debit cardsSKILLED NURSING x Evaluate benefits of pharmacy move to in house or continue external management Emergency Room/ x x x Determine appropriateness of Trauma levelsFoundation – limited scope x x Evaluate controls related to the receipt and processing of funds*NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.
Identified Risks - Proposed Projects (additional resources required)
33
-
Administrative Tasks: Tasks include Internet web-page and Intranet updates and preparing for the Audit Committee meetings
Professional Development:Includes future certifications and training possibilities. Seminars, webinars, local meeting and workshops.
Special Projects & Requests:Special assignments or investigations brought to Internal Audit from an internal department.
Meetings:PPH Education/meetings/events, Departmental Meetings/Training.
PTO: Vacation holiday/sick days taken into account for projects.
Available Project Hours: Include all the audits planned for the current year plus Reviews/Follow ups (Report Follow ups) and the audit not completed last year due to time.
Audit Hours for Year 2011
Administrative tasks13%
Special Projects and Requests
7%
Available Project Hours63%
Meetings8%
Professional Development
2%
PTO7%
34
-
2011 Internal Audit Organizational Chart2011 Internal Audit Organizational Chart
District Audit Officer
Analytics Internal Audit Construction
Sr. Internal Auditor Construction Auditor Construction Auditor Sr. Audit Info Tech Specialist
Administrative Assistant
35
-
Board Audit and Compliance Committee Memo regarding use of Deloitte as External Auditor
Form A - External Auditor for Audit and Compliance Committee
TO: Board Audit and Compliance Committee MEETING DATE: Thursday, February 17, 2011 FROM: Tom Boyle, District Audit Officer Bob Hemker, Chief Financial Officer Background: At its January 20, 2011 meeting, the Audit and Compliance Committee discussed the need / appropriateness of putting the Annual External Audit out to bid. The premise for this consideration being the current contract with Deloitte is ending as well as the duration of time that PPH has engaged Deloitte as its Auditors. Previously, the Committee agreed to retain the services of Deloitte for another contractual term subject to rotation of the In-Charge Partner and the Engagement Manager. These requirements were accomplished and Deloitte has utilized the rotated Partner and Manager during the current contract period.
The Committee had thorough discussion on the matter and solicited input from the District Audit Officer as well as the Chief Financial Officer. It was concluded based upon the verbal discussion that for the FY2011 audit, Deloitte’s services would be utilized. The Committee requested that the District Audit Officer and Chief Financial Officer memorialize the factors that provided the basis and rational for this decision. Following is the requested memorialization:
Discussion: The Audit and Compliance Committee of the Board for PPH is entrusted with the responsibility to recommend to the Board, a public accounting firm to conduct the yearend financial audit for the PPH District. Following the creation of the Internal Audit Department and the Audit Committee of the Board in 2004, the responsibility to oversee the audit was assigned to the Committee. The Committee’s Charter/Role of Responsibilities reflects this duty and was incorporated into the charter based on current best practices. Coincidentally, Audit Committee roles were being revised nationally as a result of significant attention toward public disclosure and independence, following numerous ethical debacles involving publicly held companies. During the past 10+ years, PPH has engaged Deloitte to perform the audit. In 2007, PPH entertained an RFP process to evaluate prospective audit firms. The decision was made to remain with Deloitte, due to a variety of factors; however, the audit team management was to be replaced, in order to attain a comfort level surrounding the issue of independence. We are now approaching 5 years again and the review of our public accounting firm needs to be evaluated.
36
-
Board Audit and Compliance Committee Memo regarding use of Deloitte as External Auditor
Form A - External Auditor for Audit and Compliance Committee
There are several factors which need to be considered while evaluating whether or not it would be appropriate for PPH to change audit firms: 1) There is an obvious and significant cost to the District in the transition of external firms, not only in terms of direct fees, but also in the additional time/energy of PPH staff in orienting an entirely new audit firm with the financial operations, business strategies, and culture of our organization. Additionally, there exists a risk that the lack of familiarity by a new team may have different results than a team who is thoroughly familiar with past operations and personnel. At a minimal, it could result in a delay in the timing of issuance of the audit report. We have stipulated dates by which the audit report must be issued to comply with bond covenants. Further, the change in auditors could likely result in a single year presentation. The ability to issue a comparative year statement would require the new auditor to rely upon and test the previous auditors work and opinion on what would become the preceding year numbers. This requires additional work, costs, and time – which as previously noted is not something we have available to us. 2) The practice of changing firms or evaluating the need to change accounting firms holds a much higher importance with publicly held companies, where financial improprieties may be driven by stockholder demands and self interest by corporate executives. The structure of a District healthcare system and the PPH compensation program is arguably distinct from SEC corporations and may not need the rigid mandate for independent oversight. Our structure already contains a publicly elected board which oversees operations throughout the year, and our district is not driven by stockholder interests. Although there are some benefits in changing firms periodically, PPH is not legally mandated to do so. 3) Always of concern is an auditor becoming too familiar with the management and staff of an organization. This can lead to perceived or real complacency and lack of independence. In the case of PPH, this exposure is significantly mitigated in that for the last several years we have issued G.O. and Revenue Bonds. As part of these issuances, it is required that our audited financial statements be including in the bond offering materials i.e. the Preliminary Official Statement and Official Statement. This inclusion requires additional levels of review by Deloitte partners at the local, regional and national office levels. Effectively, our financial statements and the underlying audit work papers are reviewed by at least 4 Partners and various subject matter experts. Significant additional independence and distancing from PPH management and staff is achieved in this process. Thus, it is concluded that a minimal exposure exists related to this risk.
37
-
Board Audit and Compliance Committee Memo regarding use of Deloitte as External Auditor
Form A - External Auditor for Audit and Compliance Committee
4). It is important to consider the timing of a transition to another firm with regard to matters such as bond rating agency and investor community effects, internal staffing impacts, and the existence of internal transitions and operations. PPH has several unique factors to consider including our bond rating, business development/ventures and a major transition to a new facility. As it relates to our bond rating, the latest ratings cited sustained financial performance and continuity of management as positive factors. Concerning was uncertainty related to construction risks. Effectively, the agencies want to see minimal / mitigated risk and no significant change in conditions. Changing auditors at this stage of construction could be viewed / perceived as a significant change and at a minimum raise uncertainty. Despite the rational reasons for doing so, they may interpret the change in auditors is a result of issued related to the FMP, construction risks, presentation of financial information, etc. While not necessarily so, it could be their reality. It could be argued that PPH has issued and sold all of its bonds so adverse reaction by the investor community is not a substantive risk. However, it should be noted that our December 2006 bonds ($180 million) were issued as Auction Rate Securities – series A, B, and C. These bonds are reset (effectively re-sold) every week on Monday, Tuesday and Wednesday. Thus, investor interest, and therefore their review and monitoring of PPH, is happening on a weekly basis. Their interest in re-buying the bonds, and also at what interest rate they demand, could be influenced by issues / perceptions similar to those identified for the rating agencies. Conclusion is the unknown risk of external agency and investor community reaction outweigh the benefits achieved by an auditor change. 5) The External Auditor has unbridled and confidential access to the Internal Audit Department, The Board Audit and Compliance Committee and the Board of Directors. No matters have resulted requiring this access or suggesting that their independence is at risk. This relationship provides for a separation from management and reduction of risk. Summary Conclusion: PPH takes very seriously its responsibilities in providing prudent fiscal management and transparency in its fiduciary oversight responsibilities. While not directly subject to the provisions of Sarbanes Oxley, the organization has voluntarily adopted many of the guiding principles. The use and role of its External Auditor is included in this thinking. In doing so, risks and benefits of those decisions must be evaluated. The current relationship with Deloitte must be assessed in the context of their own internal evaluation and review processes and their validation of independence, thoroughness, and oversight along with PPH’s validation of the auditor’s independence through its
38
-
Board Audit and Compliance Committee Memo regarding use of Deloitte as External Auditor
Form A - External Auditor for Audit and Compliance Committee
Board Audit and Compliance Committee and Internal Audit Department. It is concluded that a rotation of auditors is not needed to achieve real and / or perceived independence. Further, the benefits of retaining Deloitte far outweigh the uncertainties of change at this critical time for PPH.
Budget Impact: N/A
Staff Recommendation: Information only
Committee Questions:
COMMITTEE RECOMMENDATION: Motion: Individual Action: Information: Required Time:
39
Audit-Compliance Committee Agenda 03.17.11PPH Grand Office BldgCall to Order*NOTE: Asterisks indicate anticipated action; action is not limited to those designated items.
Audit Compliance Minutes 02.17.11456 E. Grand Ave.CALL TO ORDERNOTICE OF MEETINGAPPROVAL OF MINUTESCOMPLIANCE AND ETHICS COMMITTEE REPORTCOMPLIANCE HOTLINE ACTIVITY REPORTCOMPLIANCE AND ETHICS PLANCODE OF CONDUCT – ROLL OUT PLANDATE/TIME & LOCATION OF NEXT MEETINGSIGNATURES
Education Internal Auditing and Continuous MonitoringSlide Number 1Slide Number 2Slide Number 3Limitations of Traditional AuditsSlide Number 5Slide Number 6Slide Number 7Slide Number 8Slide Number 9Auditor’s Role in Continuous MonitoringAuditor’s Role in Continuous MonitoringCONTINUOUS MONITORING Vs CONTINOUS AUDITINGSlide Number 13Slide Number 14Slide Number 15Slide Number 16Slide Number 17Slide Number 18Slide Number 19
audit plan bodSlide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Slide Number 9Slide Number 10Slide Number 11Slide Number 12Slide Number 13Slide Number 14Slide Number 15Medicare INPs and OBSFinance Monitors
External Audit Contracting Process2011-Internal Construction Audit Plan.pdf2011-2012 Construction Plan
2011-Internal Audit Risk Assessment Draft v3.pdf2011 Audit Plan