Add to collection(s) Add to saved
  1. Business
  2. Management

Auditing

advertisement 
CORPORATE COMPLIANCE POLICY
CC-04 _AUDITING_________________________________________________________
I.
Policy: The Restore Compliance Department performs audits in accordance with
Internal Audit Standards and best practice.
II.
Purpose: To establish Department guidelines for performing an audit and formatting
audit documents.
III.
Procedure:
A.
Working Papers - General
Working papers documenting the audit should be prepared by the auditor and
reviewed by the Compliance Officer. These papers should record the
information obtained and the analysis made and should support the findings
and recommendations reported. Information should be sufficient, competent,
relevant, and useful in providing a sound basis for audit findings and
recommendations.1 Working papers document planning; the examination and
evaluation of the adequacy and effectiveness of internal controls; the procedure
performed, information obtained, and conclusions reached; review; reporting;
and follow-up.2
Working papers must contain the following elements:
1. Heading - consists of a purpose statement, department audited, audit date
(month/year)
2. Reference - Working papers will be filed so that references are located in
the bottom right corner of the working paper throughout the file.
a.
appropriate index
b.
date completed
c.
preparer’s initials
Example:
A-1
01/01/01
kb
3. Audit verification symbols (tick marks) - necessary on most working
papers and should be explained on the front of the working paper in a
footnote.3 Different symbols should be used for each explanation.
4. Working papers should be sequenced in the audit file in order of
significance and relevance.
1
Internal Audit Standard 420
SIAS 6
3
SIAS 6
2
Page 1 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
5. Electronic working papers may only be edited by the auditor who prepared
them.
6. Working papers are the property of the Compliance Department and
contain confidential data.
7. Working papers should not be made accessible to other members of the
organization without prior approval of the Compliance Officer.4 When
access is approved, the review should be conducted in the Compliance
offices.
8. During fieldwork, working papers should be properly protected and in the
auditor’s possession. In the Compliance Department, working papers
should be kept in a lockable file cabinet.
9. Working papers are destroyed in accordance with Record Retention
policies.5
a.
4
5
Working papers stored in the warehouse are to be listed on disk titled
“Files in Warehouse Storage” and stored in sealed boxes labeled
consistently with other Compliance boxes.
SIAS 6
SIAS 6
Page 2 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
B.
Working Papers - Referencing
A complete audit file contains the following working papers (if applicable)-referenced and signed:
1.
Audit Checklist (inside cover of file, no reference)
2.
Administrative Working Papers (A-papers)
 Audit Report (Final)
 Correspondence Related to Report
 Notes for Report/Summary of Findings
 Memo on Patient Account Adjustments
A-1
A-1.1, 1.2, 1.3, etc.
A-2
A-3
Planning Working Papers
 Audit Planning Memo
 Prior Audit Report*
 Requests for Audit
B-1
B-2
B-3
3.
*In a follow-up/evaluation audit file, a copy of the initial audit report serves
as the Audit Planning Memo and is referenced B-2. B-1 is not required.
4.
Performing the Audit
 Audit Program
C-1
 Evaluation of Internal Controls
C-2
 Surveys, Interviews, Questionnaires, Criteria C-3
 used to select sample
5.
Testing and Fieldwork (D, E, F, etc. through end of working papers)
 Testing Working Paper (primary work paper) D-1
 Other documents supporting work paper D-1
D-2, -3, -4, etc.
 Subsequent sets of work papers
E-1

"
"
"
F-1
Page 3 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
AUDIT FILE CHECK LIST













Notify Management of audit and provide Announcement Letter
Review Audit Planning Memo and Audit Program with Director
Document in Audit Log the Audit Title and Start Date
Complete Audit Program steps
Number and reference working papers
Draft audit report and submit for peer review
Submit working papers and draft report to Director to review
Clear review notes
Schedule Management Conference
Director to sign off on the following:
 Audit Planning Memo
 Audit Program
 Notes for Report
 Evaluation of Internal Control
 Working papers
 Audit Report (Final)
Date final report issued _____________________
Document in Audit Log Audit “End” Date
List of Auditees to Receive Survey to Coordinator
Page 4 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
C.
Working Papers - Standardized Forms
1.
Correspondence Related to Report
This is defined as any correspondence from the auditee subsequent to the
audit or final report and may include correspondence relating to the draft
report, i.e., audit acknowledgement or audit draft approval. Also
included, is documentation of the exit conference between auditor and
auditee, if applicable.
2.
Notes for Report/Summary of Findings
This form lists each finding, with whom in the audited department the
finding was discussed, working paper reference, and inclusion/
exclusion from report.
3.
Audit Planning Memo
The Audit Planning Memo is completed during the planning phase of the
audit. During the planning or preliminary survey, the auditor documents
basic background information about the area being audited. The auditor
will take this opportunity to learn about the auditee’s objectives,
operations, personnel, and control structure. The auditor should request
reports and audit materials from the department. The correspondence
notifying the department manager of the audit and requesting records
will be referenced as a working paper. The auditor should solicit
comments and participation from the auditee. In addition, the auditor
should note any special concerns or problems from previous audits and
indicate that the Permanent File for the Department or area being audited
has been reviewed and updated. The auditor should note that applicable
policies and procedures were reviewed with the department manager and
updated prior to the audit.
4.
Requests for Audit
Special requests for audits not included on the audit schedule will be
documented. This may include correspondence or an auditor note. The
auditor note should be dated and clearly documented as to the party
requesting the audit, audit concerns stated, and areas of focus.
5.
Audit Program
The audit program is a document listing the audit procedures to be
followed. The audit program repeats the audit objectives and outlines a
step-by-step process from initiation to completion of the audit.
Page 5 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
6.
Evaluation of Internal Control
a.
b.
7.
Sampling Criteria, Interviews, Surveys
a.
b.
D.
The department’s compliance with hospital policies and procedures
is documented during the audit.
The auditor should comment that the department policies and
procedures were verified with the department manager and any
changes were noted. Significant changes in the department policies
and procedures will be submitted for inclusion in the appropriate
organizational manual.
Sampling criteria or methodology should be stated either on a
separate form or within the applicable working paper.
Surveys or interviews with department staff about operations are
optional audit tools that may benefit the auditor. Results should be
documented.
Review Process
The Compliance Officer must sign off on all work in the file. Audit planning
and program steps should be reviewed with the Compliance Officer before
fieldwork begins.
Review notes will be made by the Compliance Officer after reviewing the
auditor’s fieldwork. Review notes simply identify additional questions or
concerns noted by the Compliance Officer and may address the adequacy of
supporting documents for Findings and clarify audit steps.
The Compliance Officer must approve the final report before it is issued. Any
draft of the report released without approval of the Compliance Officer must
be visibly stamped or identified as a draft.
E.
Format of an Audit Report
The report should be headed by the title of the audit and the audit date (month,
year). The first paragraph should provide a brief introduction describing the
purpose (objectives) of the audit and audit scope. Audit objectives are broad
statements developed by the compliance auditors and define intended audit
accomplishments.
The Audit Scope refers to the activities audited and, when appropriate,
includes supportive information such as the time period audited. Related
activities may be identified if necessary to describe the scope.
The audit report will list the audit results including Findings,
Recommendations, and Actions Taken. A Finding is an exception or area of
Page 6 of 7
Written: March 2010
CORPORATE COMPLIANCE POLICY
non-compliance, a pertinent statement of fact. Findings are based on a
comparison of what should exist with what does exist. If there is a difference,
the Findings should state the reason or cause and the resulting effects. 6 A
Recommendation is a potential improvement advised by the auditor during the
audit. Each Finding/Recommendation should be followed by a summary of
the related Action Taken.
The Action Taken should indicate the auditee’s agreement with the audit
results and the plan of action to improve operations, as needed.
Disagreements between auditor and auditee must be documented in the
working papers and may be included in the audit report if the Compliance
Officer believes both conclusions are equally appropriate and that reporting
them will enhance management’s understanding of the issues.7
The CEO, COO, and VP of Clinical Services will receive a copy of audit
reports. In addition, copies should go to the appropriate Vice President and/or
Manager/Director. The draft report should be saved on the shared network.
Final audit reports are reported to the Board of Directors.
F.
Audit Closing (“EXIT”) Conference
1. The auditor should discuss Findings and Recommendations with
appropriate levels of management before issuing final reports.
Discussions with the auditee throughout the audit process help avoid
misunderstandings or misinterpretations of fact.
a.
b.
c.
6
7
Another acceptable closing technique is the review of draft reports
by the manager of the audited department.
A closing conference or exit interview provides the opportunity for
the auditee to clarify items and express views about Findings and
Recommendations. It is also a courtesy that enhances the auditeeauditor relationship.
In addition, the participative approach
encourages management’s commitment to an appropriate plan of
action.
Documenting these discussions and reviews can be valuable in
preventing or resolving disputes.
SIAS 2
SIAS 2
Page 7 of 7
Written: March 2010
Related documents
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Download
advertisement