Auditors: Do your tools and processes accelerate the work you deliver?

Sarah A. Cole, CPA; Louise J. Garrett, CIA, CFE; and Michael B. Witek, CIA, CFE
| 9/7/2021
Healthcare Connection Article Image

Healthcare internal auditors today are being called on to do more with fewer resources amid increasing risks. To thrive in this environment, auditors should consider moving from manual and potentially time-consuming methodologies, like risk assessment interviews and sample testing, to more advanced tactics, such as using data and continuous monitoring to identify risks during risk assessment, audit planning fieldwork, and follow-up.

Following are four steps internal auditors can take to find the right tools to fit their organization’s unique needs and to help their team evolve with the industry and their organization.

Step 1: Evaluate the organization’s current audit program

Internal auditors spend time evaluating other departments’ policies and procedures, but how often do they look at their own? Auditors should evaluate their current audit processes, workflow management, and any tools they are using. They should consider all areas of the internal audit function, from performing risk assessment, planning audits, and completing and reviewing audits to issuing audit reports and following up on action plans. If the department uses any tools, such as audit software or analytics packages, auditors should consider whether the team is taking advantage of their fullest capabilities. Does the audit team truly have the knowledge and expertise to get the most out of its analytics tools, or is it only scratching the surface?

After getting a good idea of where they stand currently, auditors should ask themselves where they want their department to be in a year, two years, and five years. They should consider questions such as:

  • What value does internal audit bring to the organization, and how can that value be increased?
  • Is the internal audit team a trusted business partner and adviser?
  • Does the audit team feel comfortable that it’s assessing risk adequately within the organization, or is the team relying solely on interviews and past results, which can limit audit scope?

Step 2: Consider what’s missing

After evaluating the organization’s current internal audit function, auditors should consider what is missing that is preventing the audit team from getting to its ideal state. They should conduct research to assess where the team might have deficiencies and to better understand the capabilities of current tools.

When auditors assess what their audit function is missing, questions might include:

  • Does the audit team have something that provides structure to its work, such as a workflow management tool?
  • If so, what does the team hope to get out of its workflow management tool?
  • Does the audit team have the right tools and information to help senior management and the audit committee feel comfortable that auditors are addressing critical risks?

During this step, it’s important to acknowledge that some team members might have blind spots; it can be easy for individuals to feel as though the way they do something is the best way. Adopting a mindset of “What else should we or could we be doing?” can help an audit team overcome any existing resistance to change. In addition, organizations could consider seeking out a third-party consultant to conduct a quality assessment of its internal audit function and any audit tools it is using.

Step 3: Investigate available tools

Once internal auditors identify deficiencies in their workflows and tools, they can begin researching technologies that can help close gaps and provide what they need to begin improving their department’s functionality and bring more value to the organization.

To start, the auditors should develop criteria that fit the organization and then use these criteria as a guide when searching for tools. It can be helpful to make a list that denotes “needs” versus “wants.” Some questions to consider when vetting a potential internal audit tool include:

  • What kind of information does the tool contain? (For example, is it healthcare specific?)
  • Does the tool offer automated reporting functionalities and automated follow-up? (For example, can it generate automated follow-up emails and customizable, on-demand reporting?)
  • Does the tool provide a knowledge management function that can specify risks and outline audit steps?
  • If so, how recent is the information included in the knowledge management function? (For example, is it built off the up-to-date research of subject-matter specialists and the experience of a community of internal audit peers?)
  • Does the tool offer training information and documents for staff?
  • Can the tool provide data that helps the organization benchmark itself against others in the field?
  • Are analytics built into the tool, or can the tool link to analytics the organization is currently running? (For example, can the tool monitor claims data for potential reimbursement issues?)
  • Does the tool allow for continuous monitoring of organizational risks?
  • Can the tool identify patterns, trends, and outliers in the data and potentially detect fraudulent activity?
  • Can the tool be used for risk assessment, audits, compliance projects, special projects, and investigations?
  • Does the tool help internal auditors fully leverage their unique judgment and expertise in concert with data and analytics?
  • Can employees who work remotely access and use the tool to its full capabilities?

After identifying available options and which tools might best help the organization achieve its internal audit objectives, auditors should arrange to participate in product demonstrations of those tools to help narrow down their selection. These demos provide the opportunity for auditors to see how a tool functions and ask specific questions about how the tool can benefit their organization.

Step 4: Gain management buy-in

Having leadership’s buy-in on any new tools or processes is crucial. Internal auditors can gain management’s approval by demonstrating how a tool can increase risk coverage, improve efficiency, reduce the time needed from auditees, and help internal audit become a better business partner and deliver increased value. Auditors need to demonstrate a return on the spend the organization incurs to mitigate risk. They might consider inviting members of the leadership team to attend product demos to see firsthand how new technologies can positively affect their organization.
Sign up to receive updates on the latest healthcare industry trends, developments, and business needs.

Opportunities ahead

Today’s challenging and frequently changing healthcare industry requires an internal audit function that is faster, better, and smarter – one that can serve organizations in the most efficient way possible and better prepare them for current and future challenges. This presents a great opportunity for internal auditors to think about the kind of future they desire for their department and the tools, technologies, and resources it will take to get there. Embracing leading-edge technology and analytics can help auditors proactively address risks and make them better, more valued business partners within their organizations.

Contact us

Learn more about how Crowe can provide industry-specific financial, regulatory, and technology expertise for your healthcare organization.
Sarah Cole
Sarah Cole
Office Managing Partner, St. Louis, Healthcare Risk Consulting Leader
people
Louise Garrett
people
Mike Witek