Quality of the estimate. December, p. 47 - Health Care Compliance ...

More documents

Recommendations

Info

December 2011 60 How internal controls support compliant business practices: Editor’s note: Kelly Nueske is a Managing Director in Enterprise Risk Services, Internal Audit & Compliance at Sinaiko Healthcare Consulting, Inc. in Los Angeles. Kelly may be contacted by e-mail at kelly.nueske@altegrahealth.com. Recently, a number of us “seasoned” compliance professionals spoke with a group of new compliance officers who had varying degrees of health care experience. We spent a fair amount of that time discussing the evolution of compliance-related regulatory guidance. A number of the seasoned compliance professionals started our careers in Internal Audit and transitioned into the Compliance space over the past 15 years. We have observed or read about a number of the scandals over the years that have lead to much of the current health care regulatory environment. This article is part one of a two-part series and outlines the framework of internal control as it relates to health care compliance. The second article will discuss monitoring and auditing of various internal controls. Part 1 By Kelly Nueske In the beginning, there were five professional associations that independently worked to address the needs of various accounting, financial, and auditing professionals and to establish standards, including guidance on internal controls: 1. American Institute of CPAs, formed in 1887 2. American Accounting Association, formed in 1916 3. Institute of Management Accountants, formed in 1919 4. Financial Executives International, formed in 1931 5. The Institute of Internal Auditors, formed in 1941 These five professional organizations joined forces in 1985 to form the Committee of Sponsoring Organizations of the Treadway Commission (COSO or Treadway Commission). The US Congress and the Security and Exchange Commission (SEC) asked COSO to inspect, analyze, and make recommendations on fraudulent corporate financial reporting due to questionable corporate political campaign finance practices and corrupt foreign practices in the mid-1970s. Health Care Compliance Association • 888-580-8373 • www.hcca-info.org COSO is a voluntary, private-sector organization that provides guidance concerning organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO studied the issues for a few years and published a four volume report in 1992, entitled Internal Control—Integrated Framework. The report established a common internal control model that companies and organizations may use to assess their control systems. However, “may” hasn’t become much of an option, given the framework is a common theme in the US Federal Sentencing Guidelines, OIG model compliance program guidance, and Corporate Integrity Agreements (CIAs). So what is an internal control The COSO framework defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide ‘reasonable assurance’ regarding the achievement of objectives in the following categories: n Effectiveness and efficiency of operations, n Reliability of financial reporting, and n Compliance with applicable laws and regulations.” If you are like me, the first time you read the COSO definition, your question was still “So what is an internal control” Simply, it is the following five components.
n Control environment The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. n Risk assessment Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is the establishment of objectives and thus, risk assessment is the identification and analysis of relevant risks to the achievement of assigned objectives. Risk assessment is a prerequisite for determining how the risks should be managed. n Control activities Control activities are the policies and procedures that help ensure management directives are carried out. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. n Information and communication Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information. In a broader sense, effective communication must ensure information flows down, across and up the organization. Effective communication should also be ensured with external parties, such as customers, suppliers, regulators, and shareholders about related policy positions. n Monitoring Internal control systems need to be monitored—a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations. Internal control deficiencies detected through these monitoring activities should be reported upstream and corrective actions should be taken to ensure continuous improvement of the system. If you are in the “compliance business” the concepts may look familiar to you if you have read the Office of Inspector General’s (OIG) model compliance program guidance, the US Federal Sentencing Guidelines, and/or a Corporate Integrity Agreement (CIA). To write this article, I checked out the OIG website to Health Care Compliance Association • 888-580-8373 • www.hcca-info.org make sure I had the correct dates for program guidance, and this is the OIG’s introduction to the program guidance section: OIG has developed a series of voluntary compliance program guidance documents directed at various segments of the health care industry, such as hospitals, nursing homes, third-party billers, and durable medical equipment suppliers, to encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements. (Emphasis added) When I came across the word “voluntary” my initial reaction was “not really,” if you look at the Federal Sentencing Guidelines and the content of CIAs. Table 1 on page 62 illustrates how the COSO framework maps to the “reality” of health care compliance. For the sake of simplicity, this table does not address Sarbanes Oxley, the Government Auditing Office “Yellow Book” Standards, and other guidelines that exist. However, these standards or regulations could also be mapped to the original COSO framework around internal control. So who is responsible for all of this Well, the guidance suggests Continued on page 62 December 2011 61
Page 1 and 2:
Volume Thirteen Number Twelve Decem
Page 3 and 4:
INSIDE 5 The rising tide: Recognizi
Page 5 and 6:
The rising tide: Recognizing your c
Page 7 and 8:
Legal function of any consulting ar
Page 9 and 10: side and show that proper actions w
Page 11 and 12: If you disagree with the requested
Page 13 and 14: n Starting from Scratch o I just re
Page 15 and 16: CFO was particularly timely in ligh
Page 17 and 18: territory in the early years. The m
Page 19 and 20: Social Networking John Falcetano Ed
Page 21 and 22: y the federal and state agencies th
Page 23 and 24: People on the Move Former Medicaid
Page 25 and 26: may find themselves in a netherworl
Page 27 and 28: Losing sleep over health care marke
Page 29 and 30: Editor’s note: Jeffrey N. Joyce i
Page 31 and 32: The first domain for establishing r
Page 33 and 34: for research services provided by p
Page 35 and 36: Community Relations. A process to r
Page 37 and 38: With the implementation of the EMR
Page 39 and 40: showed that the company viewed its
Page 41 and 42: Healthcare facilities that are seri
Page 43 and 44: CCB The Compliance Professional’s
Page 45 and 46: Legislators viewed the Medicare RAC
Page 47 and 48: Confidence and precision in claims
Page 49 and 50: universe is no less than $9,650. No
Page 51 and 52: Accountability is the key to compli
Page 53 and 54: Accountability is the key to compli
Page 55 and 56: Regulatory compliance for research
Page 57 and 58: Occupational Fraud and Abuse, it is
Page 59: offenses, including modification of
Page 63 and 64: organization is complying with regu
Page 65 and 66: Publisher: Health Care Compliance A
Page 67 and 68: esearch Compliance Conference June
Page 69 and 70: eimbursement and the growing separa
Page 71 and 72: even a decrease in physician paymen
Page 73 and 74: New HCCA Members Alabama n Patricia
Page 75 and 76: What could you do with The Power of
show all

Quality of the estimate. December, p. 47 - Health Care Compliance ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?