of 23 /23
1 External Audit & the Audit Committee Audit & Compliance Committee Conference Health Care Compliance Association February 8 th , 2011 A D V I S O R Y

External Audit and the Audit Committee- Audit and Compliance Committee Conference 2011

Embed Size (px)

DESCRIPTION

This presentation covers the following topics: gaining the confidence and trust of the audit committee, ensuring the Audit Committee is appropriately educated to understand the current risk environment,making sure the compliance program and compliance issues receive appropriate attention.

Text of External Audit and the Audit Committee- Audit and Compliance Committee Conference 2011

  • 1. 1 External Audit & the Audit Committee Audit & Compliance Committee Conference Health Care Compliance Association February 8th, 2011 A D V I S O R Y

2. 2 Agenda Overview of the Risk Environment The Role of the Audit Committee The Role of the External Auditor The Current Regulatory Environment Ensuring Support of the Compliance Function Overview of Healthcare Fraud & Abuse Overview of the Compliance Function The Role of the Audit Committee 2 3. 3 An Overview of the Risk Environment Top Ten Cited Risks KPMG Enterprise Risk Survey - 2010 Insufficient Reimbursement Aligning Hospital & Physician Incentives Readiness for Clinical Automation Continued Economic Downturn Continuing Operational Performance Improvements Increased Regulatory Enforcement Unfunded Mandates Rebuilding the Organizational Balance Sheet Increased Cost of Capital Significant Reduction in Employer Provided Insurance 3 4. 4 The Role of the Audit / Compliance Committee Ensure Appropriate Oversight of Risk Risk Identification Sufficient Understanding of Risk Risk Ranking & Prioritization Risk Mitigation Corrective Action Planning 4 5. 5 The Role of the External Auditor Forming and expressing an opinion about whether the financial statements that have been prepared by management with the oversight of the Audit Committee are presented fairly, in all material respects, in conformity with generally accepted accounting principles Communicating to the Audit Committee in writing all significant deficiencies and material weaknesses in internal control identified in the audit and reporting to management all deficiencies noted during the audit Conducting the audit in accordance with professional standards Complying with the rules and regulations of the Code of Professional Conduct of the American Institute of Certified Public Accountants, and the ethical standards of relevant CPA societies, relevant state boards of accountancy, the SEC (or other regulators), and the PCAOB Planning and performing the audit with an attitude of professional skepticism Communicating all required information, including significant matters, to management and the Audit Committee 5 6. 6 The Current Regulatory Environment Regulatory environment highest scrutiny ever Mandatory Compliance Programs in NY State Organization must certify in writing that an effective compliance program exists Changes to the Federal Sentencing Guidelines PPACA contained 32 new fraud and abuse provisions Enforcement efforts strengthened and coordinated 6 7. 7 New York State OMIGs Mandatory Compliance Program Requirement Providers required by law to have mandatory compliance program Required by law to certify in writing that program is effective OMIG recommends that executive other than Compliance Officer sign certification Scope of programs defined broader than typical to include: - Billing and Payments - Medical Necessity and Quality of Care - Governance - Mandatory Reporting - Credentialing - All other risks that are known or should have been known OMIG will be auditing programs to assess effectiveness OMIG and NY Commissioner of Health have authority to determine the adequacy of programs Exclusion from Medicaid is possible if program is deemed ineffective 7 8. 8 Overview of Compliance Program A compliance officer and compliance committee Written Standards Compliance Policies, etc. Training & Education Auditing & Monitoring Lines of Communication for Reporting Disclosure Program to Report Misconduct Enforcement of Disciplinary Standards Risk Assessment 8 9. Fraud & Abuse Provisions associated with Healthcare Reform Patient Protection and Affordable Care Act as amended by the Healthcare and Education and Reconciliation Act ( Healthcare Reform Law ) 32 sections related to HC fraud and abuse and program integrity Provisions establish fundamental expectations for regulatory compliance, transparency and quality of care New enforcement provisions that could greatly increase potential legal exposure Overpayments and FCA liability Section 6402 of the HCRL identified overpayments must be identified and repaid within 60 Days retention beyond 60 days constitutes an obligation under the FCA. Will require robust auditing and refund processing structures RACs Expanded to Medicare Part D and Medicare Advantage Plans 9 10. Recent Amendments to the Federal Sentencing Guidelines The Guidelines are the basis used to determine monetary penalties Under the Federal Sentencing Guidelines, an effective compliance and ethics program enables the company to qualify for a reduction in its culpability score. Depending on other factors, this often results in a significantly lower penalty to be imposed on the corporation. For a company to qualify as having an effective program, the person with operational responsibility for the compliance program must have direct reporting obligations to the board (or a committee of the board) The requirement of having direct reporting obligations means that the responsible person has express authority to communicate personally to the board or an appropriate committee (a) promptly on any matter involving criminal conduct or potential criminal conduct and (b) no less than annually on the implementation and effectiveness of the compliance and ethics program. HC reform directed the Sentencing Commission to increase the federal sentencing guidelines for healthcare fraud offenses by 20-50% for crimes in excess of $1M 10 11. KPMG Healthcares Point-of-View There has never been more scrutiny from federal or state government agencies on healthcare spending in order to identify and mitigate fraud, waste and abuse There has never been more scrutiny from consumers on how their healthcare dollars are being spent Attorney General Eric Holder and Health and Human Services Secretary Kathleen Sebelius call on all state attorneys general to create outreach programs this summer to educate seniors on Medicare fraud prevention and protection. HHS & DOJ Regional Fraud Prevention Summits All U.S. Attorney offices have been asked to plan regular health care fraud task force meetings to better inform the public There has never been a more important time for CEOs and Boards of Directors to take steps to ensure they have effective compliance programs in place 11 12. Board Involvement in Compliance On April 1, 2010 the Health Care Compliance Association (HCCA) released an interview it conducted with New York State Medicaid Inspector General James G. Sheehan. In it Sheehan underscores the importance of health care board members' knowledge of and involvement in the oversight of compliance and ethics programs. -Inspector General Sheehan warns that, "The members of the board in a non-profit organization have a fiduciary and legal duty to determine that systems and procedures are in place to provide reasonable assurance of compliance with governing law. The exposure for the organization without such systems and procedures can be substantial, including both economic recoveries and exclusion from Medicare and Medicaid - even where the problem was an imprudent acquisition or a failure of oversight rather than intentional conduct." 12 13. 13 Ensuring Support of the Compliance Function Ensuring Support of the Compliance Function Overview of Healthcare Fraud & Abuse Overview of the Compliance Function The Role of the Audit Committee 13 14. 14 Overview of Healthcare Fraud & Abuse Key vulnerability regarding Medicare / Medicaid reimbursement and the potential for fraud / waste or abuse in the form of claims that should not have been submitted for reimbursement or do not have the proper documentation to support the claim. Other types of fraud, waste or abuse can impact the overall integrity of the healthcare entity cost report, which could again impact state or Federal reimbursements Healthcare vulnerable to non Medicare / Medicaid fraud or abuse Theft, embezzlement of cash, procurement fraud Key anti-fraud control elements that should be in place in healthcare entities are inherent in a well designed compliance program. 14 15. 15 Specific Examples Excluded Providers A Massachusetts-based behavioral health care provider entered into a civil settlement agreement with the Government. The organization caused claims to be submitted to federal health care programs for services performed by two individuals who had been excluded from Medicare and Medicaid. Department of Health and Human Services, Office of the Inspector General (HHS-OIG) excludes an individual or entity from federal health care programs, no program payments may be made for items or services furnished by that excluded individual or entity. The organization failed to check the HHS-OIG online exclusion database before hiring the two individuals. The individuals are no longer employed by the organization. 15 16. 16 Specific Examples False Claims Act Medically Unnecessary Services An organization providing physical therapy services, has entered into a settlement with the United States and the State of Tennessee to pay over $1.8 million resolving allegations that it improperly billed the Medicare and TennCare/Medicaid programs for physical therapy services in violation of federal and state laws and regulations, U.S. Attorney Russ Dedrick announced today. The organization provides physical therapy services to Medicare and TennCare/Medicaid patients in East Tennessee. The organization violated the federal False Claims Act and the Tennessee Medicaid False Claims Act by submitting claims to the TennCare program for physical therapy that were not reimbursable. Specifically, the governments' claim was that between 2001 and 2006, the organization submitted claims representing that it had provided therapeutic exercise for TennCare patients when medical records indicated that the patients had instead received aquatic therapy, a service subject to reimbursement restrictions. The United States also alleged that the organization submitted claims through the Medicare program for physical therapy services which did not qualify for payment or were not medically necessary. 16 17. 17 Overview of Compliance Program A compliance officer and compliance committee Written Standards Compliance Policies, etc. Training & Education Auditing & Monitoring Lines of Communication for Reporting Disclosure Program to Report Misconduct Enforcement of Disciplinary Standards Risk Assessment 17 18. 18 Compliance Program Effectiveness Brief Overview of the Seven Element Structure The Role of the Compliance Officer The Role of Leadership and the Audit Committee The Role of Accountable Managers Program Indicators of Effectiveness by Element Organizational Indicators of Effectiveness Tone at the Top Evidencing Effectiveness The Role of Dash Boards The Role of Metrics 18 19. Evidencing Program Effectiveness Compliance Program Assessment Process System & Department Level Gap Analysis to Identify Strengths & Opportunities for Improvement & Actionable Recommendations Document Review Interviews Observations Culture Select Testing 19 By Key Program Elements: Infrastructure Written Standards Education & Training Lines of Communication Enforcement of Standards Auditing & Monitoring Response to Detected Offenses Risk Assessment Providing an Assessment: Against Industry Standards Against Observed Leading Practices Identify Key Departmental Outcomes and Metrics That are or Should be Utilized to Evidence Effectiveness For example, the extent to which: HIM has a department specific compliance plan that addresses coding reviews (coding reviews) Physician arrangements are actively monitored Exit interviews effectively identify compliance concerns that are followed up on resulting in improved compliance outcomes The Conflict of Interest Process goes beyond the identification of potential issues and provides beneficial guidance to improve compliance outcomes. The Cost Reporting Processes Anticipate and Mitigate Compliance Issues (bad debt, credit balances, unrestricted grants, etc.) Setting the Foundation for Establishing Compliance Program Work Plan Priorities Allowing for the progression of : Department specific compliance program objectives and infrastructure in order to align system goals Pro-activate self assessment at the department and system level A consistent process and format for the identification and mitigation of risks, in order to understand the system risk profile Reporting the status of departmental or system monitoring plans Reporting the status of departmental or system corrective action plans Identification of opportunities to incorporate data analytics into departmental and system monitoring activities The development and utilization of compliance dashboards to track, trend and benchmark key compliance indicators 20. 20 Increasing Awareness by the Audit Team Maintain Professional Skepticism Ask the second and third level questions around controls Understand Nature of Compliance Program Controls around billing and reimbursement Controls around fraud and abuse Controls related to Hotline policies and procedures Understand the depth of Departmental Auditing and Monitoring requirements Department specific controls to mitigate compliance risks Department specific controls to mitigate fraud and abuse Department specific training needs and plans 20 21. 21 Typical Management Interviewees Chief Compliance Officer Chief Operating Officer General Counsel Chair of the Board Audit Committee Head of Internal Audit Head of Human Resources Head of Investigations Chief Executive Officer 21 22. 22 Questions or Comments? 22 23. 23 Presenter Information James Martell, CPA Partner, KPMG 345 Park Avenue New York, NY 10054 212-872-2108 [email protected] 23