Fundamentals of a Healthcare Internal Business System Audit
Written by Joanne Byron, BS, LPN, CCA, CHA, CHCO, CHBS, CHCM, CIFHA, CMDP, OHCC, ICDCT-CM/PCS
Because healthcare organizations are heavily regulated and periodically audited or investigated, conducting internal audits is important to mitigate risk. Internal audits can be an integral part of your corporate compliance program and used as an effective management system, whether it is focused on quality, safety or any other business element. An internal audit, also known as a Management Audit, compares the implementation and effectiveness of the system against a standard as well as against its own internal criteria, as defined in policies, procedures and work instructions.
It’s October - Celebrating Healthcare Auditors!
New Article for those Interested in Auditing for Compliance
An internal audit, also known as a Management Audit, compares the implementation and effectiveness of the system against a standard as well as against its own internal criteria, as defined in policies, procedures and work instructions.
Because healthcare organizations are heavily regulated and periodically audited or investigated, conducting internal audits is important to mitigate risk. Internal audits can be an integral part of your corporate compliance program and used as an effective management system, whether it is focused on quality, safety or any other business element.
What is a Business System Audit?
An audit is a process of comparing actions and/or results against defined criteria.? Simply stated, an internal audit evaluates a health care organization’s management capability to determine answers to the following questions:
·???????? Does a system exist?
·???????? Is it implemented?
·???????? Is it compliant to industry standards?
·???????? Is it effective?
What is “defined criteria”?
Criteria is defined as the plural form of criterion, the standard by which something is judged or assessed.
????????? “Defined Criteria” are standards identified in advance and approved for use in a specific audit, generally set by government rules, regulations or government agencies, such as CMS or pre-approved by the governing board of your organization.
Are You Performing a First, Second or Third-Party Audit?
A first-party audit is performed within an organization to measure its strengths and weaknesses against its own procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.
A second-party audit is performed by a legal or consulting firm or an individual retained to perform the audit for your organization for process improvement and risk management purposes.
领英推荐
A third-party audit is performed by an audit organization independent of the health care organization and is free of any conflict of interest. Independence of the audit organization is a key component of a third-party audit. Examples of these types of audits would be a Joint Commission, or CMS (Centers for Medicare and Medicaid Services) contractor audit.? Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.
Compliance is the Focus of All Audit Efforts
You are auditing for compliance. Compliance must be the focus of all your efforts. The auditor must first completely understand compliance standards for the purpose of auditing competently. Compliance standards must be written, staff trained, procedures implemented and followed, and monitoring performed to ensure the standards are being understood.
Fundamental Phases of an Internal Audit
Internal audits should not be limited to a business system or elements thereof, but should also incorporate Processes and Services where applicable. Whether there is one auditor or many, someone must lead the audit project.? So, even if you are audit “team” of one, you must lead the audit process.?
An auditor may specialize in different types of audits based on the audit purpose, such as to verify compliance, conformance, or performance. An auditor’s skills need to encompass the ability to provide advice and corrective actions when non-conformances are detected.
An internal business system audit has four fundamental phases – P E R C
1.?????? PLAN
2.?????? EXECUTE
3.?????? REPORT
4.?????? CORRECTIVE ACTION
Conducting business system audits is complex.? The information provided in this article is not comprehensive and not intended as consulting or legal advice.? The American Institute of Healthcare Compliance (AIHC) provides comprehensive training to certify healthcare auditors.? You may consider enrolling in the online Auditing for Compliance course.?
Undecided about becoming an auditor?? Watch these recorded webinars posted to the AIHC YouTube channel, then decide.
?
?