Deeper Than the Headlines: The Compliance Program Element of Auditing

Auditing and Monitoring: One of the 7 Elements of an Effective Compliance Program

The OIG frequently creates and shares short videos about important compliance topics in their series, “Eye on Oversight.” Their most recent release demonstrates the importance of OIG Audits. There is much to learn from this video and prior OIG publications regarding best practices for your organization’s auditing efforts. The video highlights Deputy IG of Audit Services, Gloria Jarmon, who leads the largest civilian audit force in the federal government. Jarmon highlights the impact of OIG's audits, including the potential to save lives and protect critical HHS programs. It also includes the many audits Jarmon has been in involved in, the compliance audits her department has performed, and what has been the most meaningful to her.

As compliance professionals, we know the important role auditing and monitoring has in an effective compliance program. In this blog post I’d like to examine some of the most important characteristics of effective auditing as outlined in prior OIG publications.

Annual Audit Plan

Auditing plans should be created on a regular time interval such as annually. This is not to mean that the plan can’t change depending on higher priorities or unexpected needs, but it does mean that proactive and thoughtful effort has been put forth to develop a plan. From the OIG’s compliance guidance to hospitals we read, “Hospitals should develop detailed annual audit plans designed to minimize the risks associated with improper claims and billing practices.” Basing the annual plan on minimization of the greatest risks is one approach that can be taken.
In addition, the annual plan may need to be re-evaluated and adjusted based on findings of previous audits. The OIG asks, “Is the audit plan re-evaluated annually, and does it address the proper areas of concern, considering, for example, findings from previous years’ audits, risk areas identified as part of the annual risk assessment, and high-volume services?”

Auditor Experience and Autonomy

Auditors need to be experienced and qualified to be auditing the area they are asked to audit. One way to identify a qualified auditor is an appropriate certification. Auditors also need to be independent and have the proper autonomy to audit any area in the organization or to make sure no area is off-limits to review or monitoring. The OIS asks, “Is the role of the auditors clearly established and are coding and audit personnel independent and qualified, with the requisite certifications?” In addition, “Is the audit department available to conduct unscheduled reviews and does a mechanism exist that allows the compliance department to request additional audits or monitoring should the need arise?”

Audits Should Lead to Action

When an audit identifies a problem, that problem should be taken care of. Whether it requires a new or updated policy or perhaps focused training for certain employees, an audit finding isn’t useful if it doesn’t lead the organization to some corrective action. The OIG puts it this way,
“When audit results reveal areas needing additional information or education of employees and physicians, the physician practice will need to analyze whether these areas should be incorporated into the training and educational system.” Furthermore, they’ve stated, “After the internal audit identifies the practice’s risk areas, the next step is to develop a method for dealing with those risk areas through the practice’s standards and procedures.”

Documenting Your Auditing Efforts

Finally, it’s important to remember that to demonstrate all the hard work your compliance program is completing, it’s essential to document what is being done from a compliance perspective. This includes your organization’s auditing efforts. The OIG has stated, “The primary compliance documents that a practice would want to retain are those that relate to educational activities, internal investigations and internal audit results.”

Let’s all take a lesson from the recent OIG’s Eye on Oversight series and ponder our own auditing efforts, just as they have done in their recent video.