Step one: Align internal audit efforts with goals and objectives
The first step in moving to a return on risk approach is for leadership to identify the risks to which the organization is most exposed, rather than focusing on a healthcare industry list of generalized top risks. Organizations should focus on risks that relate to their unique goals and objectives. Some examples include opening a new service line, forming a joint venture relationship with another entity, moving patient populations to new care settings, increasing the use of remote medical monitoring devices, or testing preparedness for unexpected events such as a pandemic.
One goal for every organization should be making data a key tenet of its risk assessment approach. Management should identify data sources that offer quantifiable, meaningful performance indicators to best measure the associated risks of each objective. This approach can help the organization maximize the closure of risk gaps. It also can help the organization avoid expending unnecessary resources or energy on low-risk areas.
Step two: Take advantage of internal expertise to develop an action plan
Once leadership has aligned its risk assessment activities with the organization’s overall goals, the next step is for the organization to bring together a multidisciplinary team composed of staff from internal audit, compliance, and digital security and IT functions to develop an action plan for narrowing the organization’s risk gaps. Leadership should take advantage of the human resources that exist within its healthcare enterprise. This includes providing necessary tools and advancing the skill sets of workers who will be charged with creating a new risk management plan and, ultimately, leading the transformation from conventional internal audit to a modernized approach. The risk-related action plan should focus on the risk areas the organization identified in step one.
Step three: Adopt the most effective technology
In order to execute the action plan, organizations need to systematize necessary efforts and activities by adopting knowledge-based workflow and report generation software that can help support organizationwide best practices for completing risk audits.
The ideal software should:
- Be able to link to tools that detect risks – in real time – so the internal audit process can be accelerated
- Be capable of generating actionable reports that help organizations measure performance improvement or growing gaps
- Feature workflow technology that can assist with increased risk monitoring
- Include cloud-based solutions so risk projects can continue remotely if needed
Step four: Identify data elements
To power the internal audit software, organizations need data-driven analytics. Full data sets can provide organizations with the most comprehensive overview of their risks and help accelerate the automation of manual internal audit business processes.
For example, a typical accounts payable audit might comprise 20 manual steps. Using advanced data analytics, organizations can incorporate automation into the audit process to accelerate the acquisition of the information needed to detect and mitigate risk. This, in turn, contributes to overall transformation of the audit process.
Step five: Connect with a knowledgeable community
The size, scope, and complexity of risk within the healthcare industry have grown substantially in recent years. Most organizations no longer have the team size and internal subject-matter expertise needed to manage risk successfully. Today’s healthcare organizations should seek access to a networked internal audit user community that can function as a knowledge base and information exchange, broadening risk identification across risk, audit, and compliance functions. This knowledge can contribute immensely to improved audits and risk detection and assessment.
An internal audit transformation
Carefully executing these steps can help an organization evolve to a return on risk approach to internal audit by narrowing risk coverage gaps and enhancing overall organizational performance.
But these steps are just the beginning. It will take a dedicated team to accelerate these types of transformational ideas and processes. Working with internal audit specialists can help healthcare organizations set themselves on a path to lasting internal audit transformation – moving to a modernized approach that positions them for future success and the return on risk gained by improving their risk coverage.