Add to collection(s) Add to saved
  1. Business
  2. Accounting

Documenting Revenue Cycle Processes for Optimization and

advertisement 
Documenting
Revenue Cycle
Processes for
Optimization and
Section 404
Compliance
Business Risk
Technology Risk
Internal Audit
Agenda
Pa
• Year One – Overview
• Our Approach to 404
• Provider Revenue Cycle – What are the Risks?
• Provider Revenue Cycle – What are the Controls?
Copyright Protiviti, Inc. 2005
2
Pa
Year 1 – Overview
Copyright Protiviti, Inc. 2005
3
Recent SOX Discussions
Pa
ƒ
On May 6, 2005, the Dow Jones Newswire reported that during a speech,
Congressman Michael Oxley conceded the following:
9 "Pendulum had probably swung too far, and that it probably would have been
reasonable to limit Sarbox requirements to companies with assets above a $5
billion threshold.“
9 Oxley further stated that "any changes will be up to the SEC and PCAOB, and
that trying to reopen the legislation now is ‘not realistic.’"
Copyright Protiviti, Inc. 2005
4
Recent SOX Discussions
Pa
ƒ
On April 21, 2005, the U.S. House Committee on Financial Services held a hearing
on the impact of SOX.
ƒ
Testifying at the hearing were SEC Chairman William Donaldson and Public
Company Accounting Oversight Board (PCAOB) Chairman William McDonough.
ƒ
Highlights included:
9 "Short-term costs" will improve internal control over financial reporting, and the
long-term benefits would be "structurally sounder corporate practices and more
reliable financial reporting.“
9 The SEC expressed a sensitivity to the need to recalibrate and adjust its rules
and guidance to avoid unnecessary costs or unintended consequences, and will
remain committed to SOX.
Copyright Protiviti, Inc. 2005
5
Recent SOX Discussions
Pa
ƒ
Additional highlights included:
9 Some participants in the initial implementation phase may have taken an
approach that resulted in excessive or duplicative efforts.
9 Some companies have charged that auditors are implementing the PCAOB
Auditing Standard No. 2 (AS2) with a "check-the-box" mentality, an approach
that focuses on minutiae that are unlikely to affect the financial statements.
9 The focus of auditor should be on what is "material to the financial
statements, not on the trivial."
9 Auditors should not allow an emphasis on computer systems, for example, to
distract them from the more qualitative risks of misconduct by top management.
Copyright Protiviti, Inc. 2005
6
SOX Year 1 Compliance - Overview
Pa
ƒ
SOX is the most sweeping U.S. securities legislation since the Securities Act of
1933 and the Securities Exchange Act of 1934.
ƒ
Estimates of the total cost to U.S. companies for SOX compliance in 2004 are in
excess of $35 billion.
ƒ
The legislation is "here to stay" even if modified in the future as a result of current
SEC roundtable meetings and other discussions.
ƒ
As of March 16, 2005, 11% of filers had reported material weaknesses under
provisions of the Sarbanes-Oxley Act.
ƒ
Overall, stocks on filers reporting material weaknesses did decrease slightly,
however, only around 2% to 4% (small cap companies were more affected than larger
cap).
ƒ
The following slides are highlights from a study by the Corporate Executive Board,
entitled "SOX 404 Triggering Delayed Filings And CFO Turnover," which include
some interesting results from Year 1.
Copyright Protiviti, Inc. 2005
7
SOX Year 1 Compliance - Overview
Pa
The study at left highlights
the average Year 1
resources spent on SOX
compliance (Section 404).
Copyright Protiviti, Inc. 2005
8
Compliance Week - Overview
Pa
ƒ
Based on a large sample of 2005 disclosures, "financial systems and procedures"
and "personnel issues" continue as the most commonly cited internal control
deficiencies. The following weaknesses were cited:
9 Lease Accounting
9 Accounting Policies and Practices
9 Inexperienced Staff or Lack Thereof
9 Taxes
9 GAAP Calculations and Policies
9 Revenue Recognition
9 Monitoring
9 Third-Party Relationship (e.g., strategic supplier relationship, etc.)
9 International and Merger and Acquisitions
9 Control Environment (e.g., integrity, ethical values, etc.)
Copyright Protiviti, Inc. 2005
9
SEC Roundtable Discussion
Pa
ƒ
On Wednesday, April 13, 2005, the SEC hosted a roundtable discussion on the
implementation of the internal control reporting requirements for public companies as
outlined under Section 404 of SOX.
ƒ
The Commission invited representatives of public companies, auditors,
investors, members of the legal community, and others to participate in the
roundtable and discuss "lessons learned" from Year 1 compliance.
ƒ
Several themes emerged, including:
9 Overall consensus was that the Section 404 "concept" is valid
9 Year 1 compliance and auditing costs were too high and must be reduced
going forward ("cost / benefit equation is out of balance")
ƒ Lack of documentation
ƒ Inadequate attention to and emphasis on improving internal control over
financial reporting
Copyright Protiviti, Inc. 2005
10
SEC Roundtable Discussion
Pa
ƒ
Several themes emerged, including (continued):
9 Year 1 was a learning experience impacted by the timing of the release of
PCAOB AS2 and other guidance materials
9 Year 2 cost reductions should be realized due to the carry-forward of Year 1
documentation and implementation of a risk-based approach
9 The Year 1 approach gave equal weighting and emphasis to high risk and
low risk areas
9 A risk-based approach is needed
9 Best practice examples are needed
9 Not all material weaknesses are created equal
ƒ Companies need clarification around the assessment, aggregation, and
classification of control deficiencies
Copyright Protiviti, Inc. 2005
11
Other Lessons Learned
Pa
ƒ
Answer key scoping questions early
9 Which financial reporting elements?
9 Which units and locations?
9 Which processes?
9 Which systems?
ƒ
Focus on priority financial reporting elements, assertions and risks
9 Use process maps and / or other supporting documentation to provide the most
effective "walkthrough"
9 Link priority elements, processes, key assertions, risks and controls
9 Integrate IT risks and controls with the assessment
ƒ
Engage the unit managers and process owners
9 Both in-house and outsourced
9 Establish accountability
9 Make sure they are ready for the walkthroughs
Copyright Protiviti, Inc. 2005
12
Other Lessons Learned
Pa
ƒ
As early as possible in the process
9 Assess your entity-level controls
9 Evaluate your general IT and application controls
9 Plan on making fraud explicit in the assessment
ƒ
Pay attention to details
9 Read the standard and document your roadmap for complying with the standard
9 Expect Year 1 compliance to be a learning experience
ƒ
Work with the external auditors throughout the process
9 Understand expectations and timing requirements
9 Conduct periodic checkpoints
9 Plan to give the auditors sufficient time
Copyright Protiviti, Inc. 2005
13
Other Lessons Learned
Pa
ƒ
Define the testing plan / "rules of engagement" up-front
9 Filter the controls to test
9 Define the "failure conditions"
9 Articulate testing documentation protocols
9 Decide what to do when failure conditions are encountered
9 Vary testing scopes according to frequency of the control
9 Test at least to the same degree that the auditor would
9 Automated controls need be tested only once
9 Use competent and objective evaluators
9 Don’t forget year-end updates
Copyright Protiviti, Inc. 2005
14
Other Lessons Learned
Pa
ƒ
Consider nature and extent of remediation timely
9 Begin evaluation process ASAP - classifying borderline deficiencies will be difficult
9 Tackle significant design deficiencies ASAP
9 Thoughtfully remediate operating deficiencies
9 Be sure to retest remediated controls
Copyright Protiviti, Inc. 2005
15
Management Best Practices
Pa
ƒ
Top management support is vital; the project can’t succeed without it
ƒ
Budget for it and commit – be serious and set the tone:
9 Don’t ignore the clock – this is a BIG effort
9 FEI studies report an under-estimation of overall effort
9 Start as early as you can
ƒ
Take charge – some common pitfalls to avoid:
9 Project is managed at too low a level within the organization
9 Project team gets lost in irrelevant details
9 Key scoping decisions remain unaddressed too long
ƒ
Walk through the major processes yourself
Copyright Protiviti, Inc. 2005
16
Management Best Practices
Pa
ƒ
Insist on status reports
ƒ
Obtain sub-certification by others
ƒ
Communicate up, down and across the organization
ƒ
Establish a Steering Committee to maintain senior management sponsorship
ƒ
Top management support is vital; the project can’t succeed without it
ƒ
Budget for it and commit – be serious and set the tone:
9 Don’t ignore the clock – this is a BIG effort
9 FEI studies report an under-estimation of overall effort
9 Start as early as you can
Copyright Protiviti, Inc. 2005
17
Management Best Practices
Pa
ƒ
Walk through the major processes yourself
ƒ
Insist on status reports
ƒ
Obtain sub-certification by others
ƒ
Communicate up, down and across the organization
ƒ
Establish a Steering Committee to maintain senior management sponsorship
Copyright Protiviti, Inc. 2005
18
Potential Obstacles / “Nightmares”
Pa
ƒ
Company or external auditor testing of remediated controls prove they are not
working
ƒ
"New scope" items created by external auditor
ƒ
No time left to remediate issues
ƒ
Fraud occurs, not contemplated by existing controls
ƒ
Key fourth quarter or annual controls do not work
ƒ
Large financial statement adjustment NOT detected by management
ƒ
Large financial statement adjustment detected by management but affecting
prior quarters
ƒ
Audit Committee is deemed ineffective
ƒ
Fraud programs and controls not thoroughly documented
ƒ
Issues in general IT control environment
ƒ
Sample sizes not large enough
ƒ
Deficiency / material weaknesses definition disagreements
ƒ
SAS 70 issues
Copyright Protiviti, Inc. 2005
19
Pa
Protiviti Approach
Copyright Protiviti, Inc. 2005
20
Our Recommended 404 Methodology
Pa
Financial
Financial Reporting
Reporting
Requirements
Requirements
Entity-Level
Entity-Level
Controls
Controls
Components
of Internal
Control
Reporting
Protiviti’s
Approach
Set
Set
Foundation
Foundation
IT
IT
Controls
Controls
Sarbanes
Sarbanes
Diagnostics
Diagnostics
Tools &
Technology
Control
Control Improvements
Improvements
Control
Control Design
Design
Relevant
Relevant Processes
Processes
Control
Control Operation
Operation
PHASE I
PHASE II
PHASE III
PHASE IV
Assess
Assess Current
Current
State
State and
and Identify
Identify
Relevant
Relevant Processes
Processes
Document
Document Design
Design
and
and Evaluate
Evaluate
Critical
Critical Processes
Processes
and
and Controls
Controls
Design
Design
Solutions
Solutions for
for
Control
Control Gaps
Gaps
Implement
Implement
Solutions
Solutions for
for
Control
Control Gaps
Gaps
Knowledge Sharing
Project Management
IT
IT
Organization
Organization
and
and
Structure
Structure
Process
Process Risks
Risks
IT
IT Entity-Level
Entity-Level
Control
Control Evaluations
Evaluations
Communication
Internal
Internal
Control
Control
Report
Report
Report
Report
Continuous Improvement
IT Control Considerations
IT
IT Process
Process Level
Level
Control
Control Evaluations
Evaluations
TM))
Process
Process Management
Management (SarbOx
(SarbOx Portal
PortalTM
TM))
Assessment
Assessment Management
Management (The
(The Self
Self Assessor
AssessorTM
Knowledge
Knowledge Management
Management
Copyright Protiviti, Inc. 2005
21
Selecting Significant Financial Reporting Elements
Pa
Financial Statement Elements
Prioritization elements
Factors to consider in determining key financial reporting elements: (1) Materiality of financial statement
items; (2) Degree of volatility of the recorded amount over time; (3) Degree of subjectivity used in determining
account balance; (4) Susceptibility to error or omission as well as loss or fraud; and (5) Complexity of
calculation
Individual risk rankings
Copyright Protiviti, Inc. 2005
Overall element risk ranking
22
Overall Financial Element Ranking
Pa
In order to prioritize processes that affect financial reporting controls, the most recent fiscal year ending financial
statements will be reviewed to determine the critical reporting elements.
Each key financial statement element will be rated (on a scale of high-medium-low) by management on the following
factors:
– Materiality of the balances
– Degree of volatility in balances from quarter to quarter
– Velocity (the number of transactions in the account)
– Subjectiveness in determining significant estimates
– Susceptibility to error or omission as well as manipulation or loss
– Complexity of calculation
% of the respective category of IHC
LOW
MEDIUM
HIGH
Materiality will be determined based on
Total Assets
Liabilities & Net Assets
Operating Revenue
Operating Expenses
0% - 5%
5% - 10%
>10%
In establishing the overall score, materiality will be counted twice. The overall score will be established by assigning
weights of 3, 2 and 1 to factors that were rated high, medium and low, respectively. An overall rating will be assigned to
each financial statement element, based on this overall score.
A high level analysis will be performed to ensure the results are in line with expectations (ie. Expected A/R to be
assessed as high, is it?) (Does it pass the “sniff” test?).
Copyright Protiviti, Inc. 2005
23
Process Classification Scheme
Pa
Process Classification
Scheme is a tool to
categorize key business
processes within a business,
and to develop an
enterprise’s “process
universe”
The universal model shown
here can be customized to
include the key processes
for any organization
The objective, however, is to
identify the major transaction
flows
Copyright Protiviti, Inc. 2005
24
Process Prioritization
Pa
Financial Elements / Business Process Matrix
Financial statement notes
and disclosures
Income tax
Net interest
Operating and
administrative expenses
Cost of sales
Sales
Shareholders' equity
Deferred income taxes and
other long-term liabilities
Long-term debt
Other current liabilities
Current portion of
long-term debt
Taxes payable
Employee compensation
and benefits
Accounts payable
Other long-term assets
Intangible assets
Goodwill
Property
Other current assets
(prepaid expenses, etc)
Deferred income taxes
Receivables
Merchandise inventories
Key Business Processes /
Key Sub-Processes
Cash and cash equivalents
Priority Financial Statement Elements
(a)
Importance
to financial
reporting
(b)
Likelihood of
control issues
1. Cash Management
1.1 Manage Line of Credit and Other L/T Debt
1.2 Cash Handling
1.2.1 Stores
1.2.2 Corporate Offices
1.3 Bank Reconciliations
1.4 Investments
2. Accounts Payable
2. Accounts Payable
3. Payroll
3.1 Payroll Processing
3.2 Benefits Processing
3.3 Workers' Compensation
3.4 Bonuses
4. Revenue
4.1 Revenue Recognition
Framework Interpretation:
HIGH
MEDIUM
LOW
• The business processes listed represent sample processes that affect significant transaction flows.
• The matrix links priority financial reporting elements to business processes
Copyright Protiviti, Inc. 2005
25
Process Prioritization
High
Pa
Contractual
Allowances
Significance
A/P & Cash
Disbursements
Payroll
Employee
Master
Medical
Records
Receivables
Management
Employee
Managed
Benefit Plan
Debt
3rd Party Payor
Settlements
Management
Fundraising
Income Tax
Provision and
Compliance
Amortization of
Incentive
Compensation
Prepaid and Intangibles
Low
IT Controls
Inventory
Management
Processing
Manage Travel &
Entertainment
Expenses
Low
Copyright Protiviti, Inc. 2005
Revenue Cycle:
• Registration/Admissions
• Medical Records
• Charge Capture/Charge Posting
• Charge Master Maintenance
• Billing
• Receivables Management
• Allowances
CDM
Maintenance
Purchasing
Close the
Books
Treasury:
• Cash Management & Marketable Securities
• Debt Management
• Fundraising
Billing
Charge
Capture/Posting
Asset
Management
Cash Mgt. &
Mrktble Securities
Processes
Registration
/ Scheduling
Payroll & Benefit
Changes
HR and Payroll:
• Payroll/Benefit Changes
• Employee Managed Benefit Plan
• Payroll Management
• Incentive Compensation
Risk Management
• Risk Management
Risk
Management
Taxes
• Income Tax Provisions and Compliance
Capitation
Management
Risk
Procurement:
• Purchasing
• AP & Cash Disbursement
• Asset Management
• Inventory Management
• Amortization of Prepaid/Intangibles
• Manage Travel and Entertainment Expense
Financial Reporting:
• Close the Books
• Third Party Payor Settlements
• Budgeting, Forecasting and Management Reporting
• Financial Statement Disclosures
High
Information Technology
• IT General Controls
26
Materiality – Define Control Units
Pa
One of the key processes in developing a project plan is to determine how many business units /
locations are part of the SOX scope. The process used to reach the decision is the Accounting
Standards Board (and Public Company Accounting Oversight Board’s) "decision tree" shown below.
IsIs location
location or
or business
business unit
unit
individually
important?
individually important?
Yes
No
Are
Are there
there specific
specific
significant
significant risks?
risks?
Evaluate
Evaluate documentation
documentation and
and
test
test significant
significant controls
controls at
at each
each
location
location or
or business
business unit?
unit?
Yes
Evaluate
Evaluate documentation
documentation and
and
test
controls
over
specific
risks?
test controls over specific risks?
Yes
No
No further
further action
action required
required
for
for such
such units.
units.
No
Are
Are there
there business
business units
units or
or
locations
locations that
that are
are not
not important
important
even
even when
when aggregated
aggregated with
with
others?
others?
No
Are
Are there
there business
business units
units or
or
locations
locations documented
documented entityentitywide
wide controls
controls over
over this
this group?
group?
Yes
No
Unit
Unit 11
Unit
Unit 22
Unit
Unit 33
Evaluate
Evaluate documentation
documentation and
and
test
controls
over
group.
test controls over group.
Some
Some testing
testing of
of controls
controls at
at
individual
individual locations
locations or
or
business
business units
units required.
required.
Recommended best practices would include formalizing this process, including management’s
assessment over which business units / locations are in scope, and why management determined that
some business units are not part of scope. In order to determine overall "importance," companies are
using total revenues, total assets, and / or pre-tax income, as the basis for the materiality decisions.
Copyright Protiviti, Inc. 2005
27
Pa
Phase II - Documentation
Copyright Protiviti, Inc. 2005
28
Risk and Control Matrix
Pa
The Risk and Control Matrix is utilized to link our risks to assertions
and ultimately to the risk controls.
The Risk and Control Matrix should answer these questions:
1) What are the risks?
2) What are the controls?
3) Who owns the process/controls?
4) How are the controls performing?
The Risk Control Matrix is one of the key documents developed for
each process!
Copyright Protiviti, Inc. 2005
29
Risk and Control Matrix
Pa
This is an example of a Risk and Control Matrix template. Population
of the risk and control matrix is the end objective of the
documentation efforts.
Risk and Control Matrix
Org
Process
Process Owner
COSO Objective
Fin. Reporting Element
ID
Risk
Copyright Protiviti, Inc. 2005
Financial Statement
Assertion
Control Activity
Control Type
Design
Assessment
Operating
Assessment
30
Process Maps
Pa
• Provides a high level overview of the key components that comprise
each cycle
• Process maps provide the blue prints and actually facilitate the
development of the process narratives to be completed.
• Serve as an effective tool to source risks and corresponding control
points within a given process
• Depicts the interfaces that may exist within the process between key
functions.
Copyright Protiviti, Inc. 2005
31
Pa
WD 1
Workday:
IT Department
generates Stock Ledger
report for input into the
General Ledger (GL)
System
Sales and Inventory
systems are closed
(usually on a Saturday
- last day of period)
Information Technology
General Ledger Group
AP Department
Level 3 – Process Map
WD 2 through WD 5
IT Department
generates sales
spreadsheet (in POS)
for upload into the GL
system
END
GL Personnel are responsible for
entries such as fixed assets, prepaid
amort., Payroll, etc.
Summary page of Stock
Ledger report is printed
which lists all
transactions into the
system for the month
GL Group receives
Stock Ledger report
for manual entry of
cost entries GL
system
Reverse accrual
entries from prior
month
START
1
1
2
2
3
Personnel within GL
Group close specific
financial statement
captions
GL Group receives
sales spreadsheet
from IT and uploads
to GL
3
5a
5
8
4
4
Accounts Payable
close - all AP
related accruals
booked by AP
Department
1
1
2
2
8
9
Page 2
11
6
Reversing entries
are completed
right after the
previous month’s
close
6
7
8
9
10
Flowchart Legend
END
Risk
Control in
place,
operating
effectively
Control in
place, not
operating
effectively
Report
System
Predefined
Process
The AP close process is a separate process
performed by AP Dept. (see narrative on AP close
process for further details)
Copyright Protiviti, Inc. 2005
Recurring entries
are made (2 types:
(1) same amount
each month (2)
different amount but
recurring entry each
month)
No control
in place
Notes
Flow
Terminator
Off-page
Connector
Process
Decision
Point
32
Process Narrative
Pa
• Process narratives are used in conjunction with the process flows to
provide detailed descriptions of each process point.
• The process narrative allows the documenter the capacity to qualify
processes beyond what graphical documentation can provide.
• The premise for the narrative is to describe why, when and how the
process occurs, as well as what is created during the process and who
is involved in the process.
• The ultimate objective for creating each process narrative is to extract
control detail and determine assertions and related risks applicable to
each process.
Copyright Protiviti, Inc. 2005
33
Pa
Provide Revenue Cycle – What are the Risks?
Copyright Protiviti, Inc. 2005
34
Provider Revenue Cycle
Pa
Delinquent
Accounts/
Collection
Agency
Scheduling/Verification/
Pre-Certification/Pre-Admissions
Registration/
Admission
Account
Follow-up
Charge Capture/
Utilization Review/
Care Coordination
CDM/Health
Information
Management/
Coding
Collections/
Payment Posting
Billing
Copyright Protiviti, Inc. 2005
35
What are Risks?
Pa
ƒ Risk represents “what can go
wrong” in a process. By identifying the
risks in a process, the evaluator can
focus on whether the controls mitigate
the risk.
ƒ Risk is the threat that an
event, action, or non-action will
adversely affect an organization’s
ability to achieve its business
objectives and execute its strategies
successfully.
ƒ Risk is measured in
terms of consequences and likelihood.
Copyright Protiviti, Inc. 2005
36
Provider Revenue Cycle Risks
Pa
ƒ
Registration/Admissions
9 Patient is invalid or
unauthorized
Delinquent
Accounts/
Collection
Agency
9 Changes to the ADT
system are not complete
and accurate
Charge Capture
Registration/
Admission
Account
Follow-up
9 Eligibility and verification
checks are not performed
on a timely basis
ƒ
Scheduling/Verification/
Pre-Certification/Pre-Admissions
Charge Capture/
Utilization Review/
Care Coordination
CDM/Health
Information
Management/
Coding
Collections/
Payment Posting
Billing
ƒ
CDM
9 Charges for services are
not captured completely
and accurately
9 Additions/deletions/change
s are not processed
completely and accurately
9 Charges for services are
not posted completely and
accurately
9 Additions/deletions/change
s are not appropriately
authorized
Copyright Protiviti, Inc. 2005
37
Provider Revenue Cycle Risks (cont.)
Pa
ƒ
Billing
9 Billing occurs for services
that have not been
rendered
9 New bills or changes to
existing bills are not
appropriately captured in
the BAR system and GL
Registration/
Admission
Account
Follow-up
9 Billing does not occur for
all services provided
9 Bills are not processed
completely, accurately
and timely
Scheduling/Verification/
Pre-Certification/Pre-Admissions
Delinquent
Accounts/
Collection
Agency
Charge Capture/
Utilization Review/
Care Coordination
CDM/Health
Information
Management/
Coding
Collections/
Payment Posting
Billing
ƒ
Collections/Payment
Posting/Account Follow up
9 Payments are not posted
completely and accurately
9 Refunds or credits are
processed without the
appropriate authorizations
9 A/R aging is not reviewed
on a timely basis
Copyright Protiviti, Inc. 2005
38
Provider Revenue Cycle Risks (cont.)
Pa
ƒ
Allowances
9 Follow-up on outstanding
bad debt is not performed
completely, accurately
and timely
9 Bad debt write-offs are
not appropriately
authorized
9 Appropriate bad debt
reserve is not established
on uncollectible accounts
9 Bad debt reserves are not
recorded completely and
accurately
Copyright Protiviti, Inc. 2005
Delinquent
Accounts/
Collection
Agency
Scheduling/Verification/
Pre-Certification/Pre-Admissions
Registration/
Admission
Account
Follow-up
Charge Capture/
Utilization Review/
Care Coordination
CDM/Health
Information
Management/
Coding
Collections/
Payment Posting
Billing
9 Charity care write-offs are
not appropriately
authorized
9 Appropriate contractual
allowance reserve is not
established
39
Pa
Provide Revenue Cycle – What are the Controls?
Copyright Protiviti, Inc. 2005
40
Internal Control
Pa
Control is about setting and achieving defined objectives. It’s also about effective
procedures. Control activities that help manage risks while encouraging flexibility and
innovation.
Clear Objectives
Effective Procedures
Flexibility & Innovation
The CEFI model.
Copyright Protiviti, Inc. 2005
41
Standard Control Model
Pa
The standard control model is setting standards, measuring performance, and
correcting variances using feedback loops.
Objectives
ƒ Effectiveness and efficiency of operations
ƒ Reliability of financial reporting
ƒ Compliance with laws and regulations
Objectives
Performance Standard
Design Reporting System
Controls at their best:
ƒ Agreed roles and responsibilities
ƒ Documentation that is verified
ƒ Record of income and accountability
ƒ Segregation of duties
ƒ Review and monitoring committee
ƒ Frequent checks
Actual Performance
Actual versus Standard
Take Action to Adjust
Review and Monitor
Source: Pickett, K.H. (2001). Internal Control: A Manager’s Journey. New York: John Wiley & Sons, Inc.
Copyright Protiviti, Inc. 2005
42
Control Techniques
Pa
Controls can be viewed as a series of concentric circles.
There are myriad processes within a health system, and
the necessary controls to achieve the objectives zero in
to ever-tightening focus. Target the revenue cycle
controls that mitigate the identified risks.
Prevention techniques are designed to provide
reasonable assurance that only valid transactions are
recognized, approved and submitted for processing. Many of the preventive techniques are
applied before the processing activity occurs.
ƒ Segregation of Duties (Preventive – Manual)
ƒ Configuration/Account Mapping Controls (Preventive – System)
Detection techniques are designed to provide reasonable assurance that errors and
irregularities are discovered and corrected on a timely basis. Detection techniques normally
are performed after processing has been completed.
ƒ Reconciliations (Detective – Manual)
ƒ Key Performance Indicators (Detective – Manual)
Copyright Protiviti, Inc. 2005
43
“Front-End” Controls
Pa
Delinquent
Accounts/
Collection
Agency
Scheduling/Verification/
Pre-Certification/Pre-Admi ssions
Registration/
Admi ssion
Account
Follow-up
Patient Care/
Utilization Review/
Care Coordination
“Front-end” information is crucial to meeting
Revenue Cycle control objectives. If information
is not captured correctly, the entire billing process
is compromised from the start.
Health Information
Management/Medical
Coding
Collections/
Payment Posting
Billing
“Front-End” Internal Controls
•
Pre-Admissions for Scheduled
Procedures/Admits
•
Follow-up on Missed Appointments
•
Validate ID and Insurance Card
•
Required Data Fields
•
Verify Insurance Eligibility
•
MPI Maintenance & Cleanup
Copyright Protiviti, Inc. 2005
•
Meet Regulatory Requirements
–
MSP Questionnaire
–
ABN
–
EMTALA
44
“Middle” Controls
Pa
Delinquent
Accounts/
Collection
Agency
Scheduling/Verification/
Pre-Certification/Pre-Admi ssions
Registration/
Admi ssion
Account
Follow-up
Patient Care/
Utilization Review/
Care Coordination
Collections/
Payment Posting
The “middle” of the Revenue Cycle is where the
tests, procedures, supplies, pharmaceuticals,
and treatment administered to the patient are
documented and codified for billing, regulatory
reporting, and risk management purposes.
Health Information
Management/Medical
Coding
Billing
“Middle” Internal Controls
•
Charge Master Review Committee
•
Routine Code Updates
•
Charge Review Nurse Audit
•
Up-to-Date Charge Tickets
•
Chart to Bill Audits
Copyright Protiviti, Inc. 2005
45
“Back-End Controls
Pa
Delinquent
Accounts/
Collection
Agency
Scheduling/Verification/
Pre-Certification/Pre-Admi ssions
Registration/
Admi ssion
Account
Follow-up
Patient Care/
Utilization Review/
Care Coordination
Collections/
Payment Posting
Health Information
Management/Medical
Coding
Billing
The “back-end” processes of Billing, Collections and
Cash Posting are the final steps to turning patient
encounters into net revenue. In theory, if everything
is performed correctly up to this point these
processes should be automatic. However, that is
rarely the case and internal controls are needed to
Ensure the final steps of the Revenue Cycle are
carried out effectively and efficiently.
“Back-End” Internal Controls
•
Daily Billing Control Points Reconciliation
•
Feedback loops to Clinical Departments, HIM
•
Denial Management Reports
•
Electronic Posting
•
Lockbox
•
Segregation of Duties
•
Performance Metrics & QA
•
Management approval through delegation of authority
guidelines
Copyright Protiviti, Inc. 2005
46
Effects of Entropy
Pa
Effective Revenue Cycle internal controls ensure that the processes that make up the
systems are current, relevant, effective, and efficient. If the controls are not properly
maintained, over time the Revenue Cycle will break down.
Effects of Revenue Cycle entropy are:
ƒ Inaccurate financial statements
ƒ Loss of Revenue
ƒ Financial Loss
ƒ Regulatory Compliance Violations
ƒ Staff Turnover / Lack of Motivation
ƒ Patient Dissatisfaction
ƒ Facility Closure
Copyright Protiviti, Inc. 2005
47
Effects of Internal Control
Pa
Establishing objectives and strengthening the controls to meet those objectives
means positive returns for the health care provider. Risks are mitigated, staff are focused
in the same direction, roles and responsibilities are defined, and there is accountability
for results.
Returns can be seen in the form of:
ƒ Accurate financial statements
ƒ Improved Cash Flow
ƒ Lower A/R Days
ƒ Reduced Bad Debt
ƒ Regulatory Compliance
ƒ Patient Satisfaction
ƒ Employee Satisfaction
ƒ Healthy Work Environment
Copyright Protiviti, Inc. 2005
48
Internal Controls Summary
Pa
•
The starting place for controls is to decide what you really want to do.
Everything else flows from this.
•
Control is about having an aim, making sure you have the means to achieve
it, and managing those risks that can impair your ability to get there. It’s a
driving force that moves you in the right direction, but it sets your energies
within a framework of policies, guidelines, ethical rules, and accountability.
•
It seeks to promote achievement but also depends on compliance with these
policies.
•
Also, it should provide safeguards against fraud and corruption and make
sure value for money is secured.
Source: Pickett, K.H. (2001). Internal Control: A Manager’s Journey. New York: John Wiley & Sons, Inc.
Copyright Protiviti, Inc. 2005
49
Pa
Questions?
Copyright Protiviti, Inc. 2005
50
Related documents
Protiviti assists client in acquiring a professional sports team and
Protiviti assists client in acquiring a professional sports team and
Protiviti helps client recover US$350 million
Protiviti helps client recover US$350 million
protiviti audit command language (acl) training
protiviti audit command language (acl) training
member Medicaid/Medicare health plan
member Medicaid/Medicare health plan
Government-Contractor-Improve-Financial-Processes
Government-Contractor-Improve-Financial-Processes
protiviti audit command language (acl) training
protiviti audit command language (acl) training
Accelerating Revenue Recognition to the Speed of Business
Accelerating Revenue Recognition to the Speed of Business
Testing the Reporting Process
Testing the Reporting Process
Value Through Scenario Analysis
Value Through Scenario Analysis
Download
advertisement