Healthcare organizations continually face difficult decisions about how they focus time, energy, and dollars to avoid undue risk exposure. To manage this environment of increasing risks and limited resources, healthcare internal audit departments must align their risk assessments and resulting internal audit plans to the areas most critical to achieving organizations’ strategic goals and business objectives and maintaining compliance with critical regulatory and other requirements. This risk-based approach focuses on the most critical risk areas and suggests less effort, if any, be applied to low-risk areas. The better the alignment between the internal audit plan and the most critical organization risks, the greater return on risk achieved for an organization’s internal audit investment.
As we entered 2020, healthcare organizations’ internal audit resources already were limited even as the industry has become more complex and the number of significant risks has grown over the past decade. The delicate balance between an increasing number of risks and the level of internal audit resources became even more challenging in early 2020 when the U.S. was hit by the COVID-19 pandemic. Although the industry has been preparing for natural disasters, terror attacks, and other events that could cause a large influx of patients, the COVID-19 pandemic has rapidly caused big shifts in the healthcare industry and has resulted in new and significant risks that previously had not been considered.
Lack of preparation for new risks can cost a healthcare organization money and its reputation at a time when it can least afford to lose either. Thoroughly understanding the organization’s operations and strategic direction and identifying current and emerging risks is the best approach to achieve a return on risk. To help with this, Crowe has identified the top risks facing healthcare organizations in 2020. The list was created using input from executive management and board members from some of the largest health systems in the U.S. as well as data assembled from risk assessments conducted at more than 250 hospital clients in 2019. In addition to risks that were identified as part of the 2019 assessment process, the Crowe article “5 COVID-19 Emerging Risks for Healthcare Organizations” identifies significant risk areas that have emerged due to the COVID-19 pandemic.
With the rapidly increasing use of technology and the formation of complex partnerships and vendor relationships across the healthcare industry, what might be a top risk at one healthcare organization might not be a top risk or even relevant at another; therefore, the risks have not been ranked.