Quality of the estimate. December, p. 47 - Health Care Compliance ...
Quality of the estimate. December, p. 47 - Health Care Compliance ...
Quality of the estimate. December, p. 47 - Health Care Compliance ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>December</strong> 2011<br />
60<br />
How internal controls<br />
support compliant<br />
business practices:<br />
Editor’s note: Kelly Nueske is a<br />
Managing Director in Enterprise<br />
Risk Services, Internal Audit &<br />
<strong>Compliance</strong> at Sinaiko <strong>Health</strong>care<br />
Consulting, Inc. in Los Angeles.<br />
Kelly may be contacted by e-mail at<br />
kelly.nueske@altegrahealth.com.<br />
Recently, a number <strong>of</strong><br />
us “seasoned” compliance<br />
pr<strong>of</strong>essionals spoke<br />
with a group <strong>of</strong> new compliance<br />
<strong>of</strong>ficers who had varying degrees<br />
<strong>of</strong> health care experience. We<br />
spent a fair amount <strong>of</strong> that time<br />
discussing <strong>the</strong> evolution <strong>of</strong> compliance-related<br />
regulatory guidance.<br />
A number <strong>of</strong> <strong>the</strong> seasoned<br />
compliance pr<strong>of</strong>essionals started<br />
our careers in Internal Audit and<br />
transitioned into <strong>the</strong> <strong>Compliance</strong><br />
space over <strong>the</strong> past 15 years. We<br />
have observed or read about a<br />
number <strong>of</strong> <strong>the</strong> scandals over <strong>the</strong><br />
years that have lead to much <strong>of</strong><br />
<strong>the</strong> current health care regulatory<br />
environment. This article is<br />
part one <strong>of</strong> a two-part series and<br />
outlines <strong>the</strong> framework <strong>of</strong> internal<br />
control as it relates to health care<br />
compliance. The second article<br />
will discuss monitoring and auditing<br />
<strong>of</strong> various internal controls.<br />
Part 1<br />
By Kelly Nueske<br />
In <strong>the</strong> beginning, <strong>the</strong>re were five<br />
pr<strong>of</strong>essional associations that<br />
independently worked to address<br />
<strong>the</strong> needs <strong>of</strong> various accounting,<br />
financial, and auditing pr<strong>of</strong>essionals<br />
and to establish standards,<br />
including guidance on internal<br />
controls:<br />
1. American Institute <strong>of</strong> CPAs,<br />
formed in 1887<br />
2. American Accounting Association,<br />
formed in 1916<br />
3. Institute <strong>of</strong> Management<br />
Accountants, formed in 1919<br />
4. Financial Executives International,<br />
formed in 1931<br />
5. The Institute <strong>of</strong> Internal Auditors,<br />
formed in 1941<br />
These five pr<strong>of</strong>essional organizations<br />
joined forces in 1985 to form <strong>the</strong><br />
Committee <strong>of</strong> Sponsoring Organizations<br />
<strong>of</strong> <strong>the</strong> Treadway Commission<br />
(COSO or Treadway Commission).<br />
The US Congress and <strong>the</strong> Security<br />
and Exchange Commission (SEC)<br />
asked COSO to inspect, analyze,<br />
and make recommendations on<br />
fraudulent corporate financial reporting<br />
due to questionable corporate<br />
political campaign finance practices<br />
and corrupt foreign practices in <strong>the</strong><br />
mid-1970s.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
COSO is a voluntary, private-sector<br />
organization that provides guidance<br />
concerning organizational<br />
governance, business ethics, internal<br />
control, enterprise risk management,<br />
fraud, and financial reporting.<br />
COSO studied <strong>the</strong> issues for a few<br />
years and published a four volume<br />
report in 1992, entitled Internal<br />
Control—Integrated Framework. The<br />
report established a common internal<br />
control model that companies and<br />
organizations may use to assess <strong>the</strong>ir<br />
control systems. However, “may”<br />
hasn’t become much <strong>of</strong> an option,<br />
given <strong>the</strong> framework is a common<br />
<strong>the</strong>me in <strong>the</strong> US Federal Sentencing<br />
Guidelines, OIG model compliance<br />
program guidance, and Corporate<br />
Integrity Agreements (CIAs).<br />
So what is an internal control<br />
The COSO framework defines<br />
internal control as “a process,<br />
effected by an entity’s board <strong>of</strong><br />
directors, management and o<strong>the</strong>r<br />
personnel, designed to provide<br />
‘reasonable assurance’ regarding<br />
<strong>the</strong> achievement <strong>of</strong> objectives in<br />
<strong>the</strong> following categories:<br />
n Effectiveness and efficiency <strong>of</strong><br />
operations,<br />
n Reliability <strong>of</strong> financial reporting,<br />
and<br />
n <strong>Compliance</strong> with applicable<br />
laws and regulations.”<br />
If you are like me, <strong>the</strong> first time<br />
you read <strong>the</strong> COSO definition,<br />
your question was still “So what is<br />
an internal control” Simply, it is<br />
<strong>the</strong> following five components.