Documenting Revenue Cycle Processes for Optimization and Section 404 Compliance
Business Risk
Technology Risk
Internal Audit
Agenda
• Year One – Overview
• Our Approach to 404
• Provider Revenue Cycle – What are the Risks?
• Provider Revenue Cycle – What are the Controls?
Copyright Protiviti, Inc. 2005
Year 1 – Overview
Recent SOX Discussions
On May 6, 2005, the Dow Jones Newswire reported that during a speech, Congressman Michael Oxley conceded the following:
• "Pendulum had probably swung too far, and that it probably would have been reasonable to limit Sarbox requirements to companies with assets above a $5 billion threshold."
• Oxley further stated that "any changes will be up to the SEC and PCAOB, and that trying to reopen the legislation now is 'not realistic.'"
Recent SOX Discussions
On April 21, 2005, the U.S. House Committee on Financial Services held a hearing on the impact of SOX.
Testifying at the hearing were SEC Chairman William Donaldson and Public Company Accounting Oversight Board (PCAOB) Chairman William McDonough.
Highlights included:
• "Short-term costs" will improve internal control over financial reporting, and the long-term benefits would be "structurally sounder corporate practices and more reliable financial reporting."
• The SEC expressed a sensitivity to the need to recalibrate and adjust its rules and guidance to avoid unnecessary costs or unintended consequences, and will remain committed to SOX.
Recent SOX Discussions
Additional highlights included:
• Some participants in the initial implementation phase may have taken an approach that resulted in excessive or duplicative efforts.
• Some companies have charged that auditors are implementing the PCAOB Auditing Standard No. 2 (AS2) with a "check-the-box" mentality, an approach that focuses on minutiae that are unlikely to affect the financial statements.
• The focus of auditors should be on what is "material to the financial statements, not on the trivial."
• Auditors should not allow an emphasis on computer systems, for example, to distract them from the more qualitative risks of misconduct by top management.
SOX Year 1 Compliance - Overview
SOX is the most sweeping U.S. securities legislation since the Securities Act of 1933 and the Securities Exchange Act of 1934.
Estimates of the total cost to U.S. companies for SOX compliance in 2004 are in excess of $35 billion.
The legislation is "here to stay" even if modified in the future as a result of current SEC roundtable meetings and other discussions.
As of March 16, 2005, 11% of filers had reported material weaknesses under provisions of the Sarbanes-Oxley Act.
Overall, stocks of filers reporting material weaknesses did decrease slightly, but only by around 2% to 4% (small-cap companies were more affected than larger-cap companies).
The following slides are highlights from a study by the Corporate Executive Board, entitled "SOX 404 Triggering Delayed Filings And CFO Turnover," which include some interesting results from Year 1.
SOX Year 1 Compliance - Overview
The study at left highlights the average Year 1 resources spent on SOX compliance (Section 404).
Compliance Week - Overview
Based on a large sample of 2005 disclosures, "financial systems and procedures" and "personnel issues" continue as the most commonly cited internal control deficiencies. The following weaknesses were cited:
• Lease Accounting
• Accounting Policies and Practices
• Inexperienced Staff or Lack Thereof
• Taxes
• GAAP Calculations and Policies
• Revenue Recognition
• Monitoring
• Third-Party Relationship (e.g., strategic supplier relationship, etc.)
• International and Merger and Acquisitions
• Control Environment (e.g., integrity, ethical values, etc.)
SEC Roundtable Discussion
On Wednesday, April 13, 2005, the SEC hosted a roundtable discussion on the implementation of the internal control reporting requirements for public companies as outlined under Section 404 of SOX.
The Commission invited representatives of public companies, auditors, investors, members of the legal community, and others to participate in the roundtable and discuss "lessons learned" from Year 1 compliance.
Several themes emerged, including:
• Overall consensus was that the Section 404 "concept" is valid
• Year 1 compliance and auditing costs were too high and must be reduced going forward ("cost / benefit equation is out of balance")
  – Lack of documentation
  – Inadequate attention to and emphasis on improving internal control over financial reporting
SEC Roundtable Discussion
Several themes emerged, including (continued):
• Year 1 was a learning experience impacted by the timing of the release of PCAOB AS2 and other guidance materials
• Year 2 cost reductions should be realized due to the carry-forward of Year 1 documentation and implementation of a risk-based approach
• The Year 1 approach gave equal weighting and emphasis to high risk and low risk areas
• A risk-based approach is needed
• Best practice examples are needed
• Not all material weaknesses are created equal
  – Companies need clarification around the assessment, aggregation, and classification of control deficiencies
Other Lessons Learned
Answer key scoping questions early
• Which financial reporting elements?
• Which units and locations?
• Which processes?
• Which systems?
Focus on priority financial reporting elements, assertions and risks
• Use process maps and / or other supporting documentation to provide the most effective "walkthrough"
• Link priority elements, processes, key assertions, risks and controls
• Integrate IT risks and controls with the assessment
Engage the unit managers and process owners
• Both in-house and outsourced
• Establish accountability
• Make sure they are ready for the walkthroughs
Other Lessons Learned
As early as possible in the process
• Assess your entity-level controls
• Evaluate your general IT and application controls
• Plan on making fraud explicit in the assessment
Pay attention to details
• Read the standard and document your roadmap for complying with the standard
• Expect Year 1 compliance to be a learning experience
Work with the external auditors throughout the process
• Understand expectations and timing requirements
• Conduct periodic checkpoints
• Plan to give the auditors sufficient time
Other Lessons Learned
Define the testing plan / "rules of engagement" up-front
• Filter the controls to test
• Define the "failure conditions"
• Articulate testing documentation protocols
• Decide what to do when failure conditions are encountered
• Vary testing scopes according to frequency of the control
• Test at least to the same degree that the auditor would
• Automated controls need be tested only once
• Use competent and objective evaluators
• Don’t forget year-end updates
Other Lessons Learned
Consider the nature and extent of remediation in a timely manner
• Begin evaluation process ASAP - classifying borderline deficiencies will be difficult
• Tackle significant design deficiencies ASAP
• Thoughtfully remediate operating deficiencies
• Be sure to retest remediated controls
Management Best Practices
Top management support is vital; the project can’t succeed without it
Budget for it and commit – be serious and set the tone:
• Don’t ignore the clock – this is a BIG effort
• FEI studies report an under-estimation of overall effort
• Start as early as you can
Take charge – some common pitfalls to avoid:
• Project is managed at too low a level within the organization
• Project team gets lost in irrelevant details
• Key scoping decisions remain unaddressed too long
Walk through the major processes yourself
Management Best Practices
Insist on status reports
Obtain sub-certification by others
Communicate up, down and across the organization
Establish a Steering Committee to maintain senior management sponsorship
Potential Obstacles / “Nightmares”
Company or external auditor testing of remediated controls proves they are not working
"New scope" items created by external auditor
No time left to remediate issues
Fraud occurs, not contemplated by existing controls
Key fourth quarter or annual controls do not work
Large financial statement adjustment NOT detected by management
Large financial statement adjustment detected by management but affecting prior quarters
Audit Committee is deemed ineffective
Fraud programs and controls not thoroughly documented
Issues in general IT control environment
Sample sizes not large enough
Deficiency / material weaknesses definition disagreements
SAS 70 issues
Protiviti Approach
Our Recommended 404 Methodology
[Figure: Protiviti’s Approach to the Components of Internal Control Reporting]
PHASE I: Assess Current State and Identify Relevant Processes
PHASE II: Document Design and Evaluate Critical Processes and Controls
PHASE III: Design Solutions for Control Gaps
PHASE IV: Implement Solutions for Control Gaps
Other labels in the figure:
• Set Foundation; Financial Reporting Requirements; Entity-Level Controls; IT Controls; Relevant Processes; Process Risks; Control Design; Control Operation; Control Improvements; Internal Control Report; Report
• Project Management; Knowledge Sharing; Communication; Continuous Improvement
• IT Control Considerations: IT Organization and Structure; IT Entity-Level Control Evaluations; IT Process Level Control Evaluations
• Sarbanes Diagnostics Tools & Technology: Process Management (SarbOx Portal TM); Assessment Management (The Self Assessor TM); Knowledge Management
Selecting Significant Financial Reporting Elements
Factors to consider in determining key financial reporting elements:
(1) Materiality of financial statement items;
(2) Degree of volatility of the recorded amount over time;
(3) Degree of subjectivity used in determining account balance;
(4) Susceptibility to error or omission as well as loss or fraud; and
(5) Complexity of calculation
[Figure labels: Financial Statement Elements; Prioritization elements; Individual risk rankings; Overall element risk ranking]
Overall Financial Element Ranking
In order to prioritize processes that affect financial reporting controls, the most recent fiscal year ending financial statements will be reviewed to determine the critical reporting elements. Each key financial statement element will be rated (on a scale of high-medium-low) by management on the following factors:
– Materiality of the balances
– Degree of volatility in balances from quarter to quarter
– Velocity (the number of transactions in the account)
– Subjectiveness in determining significant estimates
– Susceptibility to error or omission as well as manipulation or loss
– Complexity of calculation
Materiality will be determined based on the % of the respective category of IHC (Total Assets, Liabilities & Net Assets, Operating Revenue, Operating Expenses):
LOW: 0% - 5%
MEDIUM: 5% - 10%
HIGH: >10%
In establishing the overall score, materiality will be counted twice. The overall score will be established by assigning weights of 3, 2 and 1 to factors that were rated high, medium and low, respectively. An overall rating will be assigned to each financial statement element, based on this overall score. A high-level analysis will be performed to ensure the results are in line with expectations (i.e., A/R is expected to be assessed as high; is it? Does it pass the "sniff" test?).
Process Classification Scheme
• Process Classification Scheme is a tool to categorize key business processes within a business, and to develop an enterprise’s “process universe”
• The universal model shown here can be customized to include the key processes for any organization
• The objective, however, is to identify the major transaction flows
Process Prioritization
Financial Elements / Business Process Matrix
[Matrix figure: each key business process is rated HIGH, MEDIUM or LOW against each priority financial statement element, with summary columns (a) Importance to financial reporting and (b) Likelihood of control issues.]
Priority Financial Statement Elements: Cash and cash equivalents; Merchandise inventories; Receivables; Deferred income taxes; Other current assets (prepaid expenses, etc); Property; Goodwill; Intangible assets; Other long-term assets; Accounts payable; Employee compensation and benefits; Taxes payable; Current portion of long-term debt; Other current liabilities; Long-term debt; Deferred income taxes and other long-term liabilities; Shareholders' equity; Sales; Cost of sales; Operating and administrative expenses; Net interest; Income tax; Financial statement notes and disclosures
Key Business Processes / Key Sub-Processes:
1. Cash Management
1.1 Manage Line of Credit and Other L/T Debt
1.2 Cash Handling
1.2.1 Stores
1.2.2 Corporate Offices
1.3 Bank Reconciliations
1.4 Investments
2. Accounts Payable
3. Payroll
3.1 Payroll Processing
3.2 Benefits Processing
3.3 Workers' Compensation
3.4 Bonuses
4. Revenue
4.1 Revenue Recognition
Framework Interpretation:
• The business processes listed represent sample processes that affect significant transaction flows.
• The matrix links priority financial reporting elements to business processes
Process Prioritization
[Figure: processes plotted by Significance (Low to High) against Risk (Low to High). The processes shown are grouped as follows.]
Revenue Cycle:
• Registration/Admissions
• Medical Records
• Charge Capture/Charge Posting
• Charge Master Maintenance
• Billing
• Receivables Management
• Allowances
Treasury:
• Cash Management & Marketable Securities
• Debt Management
• Fundraising
HR and Payroll:
• Payroll/Benefit Changes
• Employee Managed Benefit Plan
• Payroll Management
• Incentive Compensation
Risk Management:
• Risk Management
Taxes:
• Income Tax Provisions and Compliance
Procurement:
• Purchasing
• AP & Cash Disbursement
• Asset Management
• Inventory Management
• Amortization of Prepaid/Intangibles
• Manage Travel and Entertainment Expense
Financial Reporting:
• Close the Books
• Third Party Payor Settlements
• Budgeting, Forecasting and Management Reporting
• Financial Statement Disclosures
Information Technology:
• IT General Controls
Materiality – Define Control Units
One of the key processes in developing a project plan is to determine how many business units / locations are part of the SOX scope. The process used to reach the decision is the Accounting Standards Board (and Public Company Accounting Oversight Board’s) "decision tree" shown below.
[Figure: decision tree applied to each location or business unit]
1. Is location or business unit individually important?
   – Yes: Evaluate documentation and test significant controls at each location or business unit.
   – No: go to question 2.
2. Are there specific significant risks?
   – Yes: Evaluate documentation and test controls over specific risks.
   – No: go to question 3.
3. Are there business units or locations that are not important even when aggregated with others?
   – Yes: No further action required for such units.
   – No: go to question 4.
4. Are there documented entity-wide controls over this group?
   – Yes: Evaluate documentation and test controls over group.
   – No: Some testing of controls at individual locations or business units required.
Recommended best practices would include formalizing this process, including management’s assessment over which business units / locations are in scope, and why management determined that some business units are not part of scope. In order to determine overall "importance," companies are using total revenues, total assets, and / or pre-tax income, as the basis for the materiality decisions.
Phase II - Documentation
Risk and Control Matrix
The Risk and Control Matrix is utilized to link our risks to assertions and ultimately to the risk controls. The Risk and Control Matrix should answer these questions:
1) What are the risks?
2) What are the controls?
3) Who owns the process/controls?
4) How are the controls performing?
The Risk Control Matrix is one of the key documents developed for each process!
Risk and Control Matrix
This is an example of a Risk and Control Matrix template. Population of the risk and control matrix is the end objective of the documentation efforts.
Template header fields: Org; Process; Process Owner; COSO Objective; Fin. Reporting Element
Template columns: ID | Risk | Financial Statement Assertion | Control Activity | Control Type | Design Assessment | Operating Assessment
Process Maps
• Provide a high-level overview of the key components that comprise each cycle
• Process maps provide the blueprints and actually facilitate the development of the process narratives to be completed.
• Serve as an effective tool to source risks and corresponding control points within a given process
• Depict the interfaces that may exist within the process between key functions.
[Figure: Level 3 – Process Map (example). Swim lanes: Information Technology; General Ledger Group; AP Department. Workday columns: WD 1; WD 2 through WD 5. The flow runs from START to END, continues on Page 2, and marks numbered risk and control points.]
Process steps and notes shown in the figure:
• Sales and Inventory systems are closed (usually on a Saturday - last day of period)
• IT Department generates Stock Ledger report for input into the General Ledger (GL) System
• Summary page of Stock Ledger report is printed which lists all transactions into the system for the month
• GL Group receives Stock Ledger report for manual entry of cost entries GL system
• IT Department generates sales spreadsheet (in POS) for upload into the GL system
• GL Group receives sales spreadsheet from IT and uploads to GL
• Reverse accrual entries from prior month
• Reversing entries are completed right after the previous month’s close
• Recurring entries are made (2 types: (1) same amount each month (2) different amount but recurring entry each month)
• GL Personnel are responsible for entries such as fixed assets, prepaid amort., Payroll, etc.
• Personnel within GL Group close specific financial statement captions
• Accounts Payable close - all AP related accruals booked by AP Department
• The AP close process is a separate process performed by AP Dept. (see narrative on AP close process for further details)
Flowchart Legend: Risk; Control in place, operating effectively; Control in place, not operating effectively; No control in place; Report; System; Predefined Process; Process; Decision Point; Notes; Flow Terminator; Off-page Connector
Process Narrative
• Process narratives are used in conjunction with the process flows to provide detailed descriptions of each process point.
• The process narrative allows the documenter the capacity to qualify processes beyond what graphical documentation can provide.
• The premise for the narrative is to describe why, when and how the process occurs, as well as what is created during the process and who is involved in the process.
• The ultimate objective for creating each process narrative is to extract control detail and determine assertions and related risks applicable to each process.
Provider Revenue Cycle – What are the Risks?
Provider Revenue Cycle
[Figure: the provider revenue cycle, shown as a wheel of stages]
• Scheduling/Verification/Pre-Certification/Pre-Admissions
• Registration/Admission
• Charge Capture/Utilization Review/Care Coordination
• CDM/Health Information Management/Coding
• Billing
• Collections/Payment Posting
• Account Follow-up
• Delinquent Accounts/Collection Agency
What are Risks?
Risk represents “what can go wrong” in a process. By identifying the risks in a process, the evaluator can focus on whether the controls mitigate the risk. Risk is the threat that an event, action, or non-action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies successfully. Risk is measured in terms of consequences and likelihood.
Provider Revenue Cycle Risks
[Figure: provider revenue cycle wheel]
Registration/Admissions
• Patient is invalid or unauthorized
• Changes to the ADT system are not complete and accurate
• Eligibility and verification checks are not performed on a timely basis
Charge Capture
• Charges for services are not captured completely and accurately
• Charges for services are not posted completely and accurately
CDM
• Additions/deletions/changes are not processed completely and accurately
• Additions/deletions/changes are not appropriately authorized
Provider Revenue Cycle Risks (cont.)
[Figure: provider revenue cycle wheel]
Billing
• Billing occurs for services that have not been rendered
• New bills or changes to existing bills are not appropriately captured in the BAR system and GL
• Billing does not occur for all services provided
• Bills are not processed completely, accurately and timely
Collections/Payment Posting/Account Follow up
• Payments are not posted completely and accurately
• Refunds or credits are processed without the appropriate authorizations
• A/R aging is not reviewed on a timely basis
Provider Revenue Cycle Risks (cont.)
[Figure: provider revenue cycle wheel]
Allowances
• Follow-up on outstanding bad debt is not performed completely, accurately and timely
• Bad debt write-offs are not appropriately authorized
• Appropriate bad debt reserve is not established on uncollectible accounts
• Bad debt reserves are not recorded completely and accurately
• Charity care write-offs are not appropriately authorized
• Appropriate contractual allowance reserve is not established
Provider Revenue Cycle – What are the Controls?
Internal Control
Control is about setting and achieving defined objectives. It’s also about effective procedures. Control activities that help manage risks while encouraging flexibility and innovation.
The CEFI model:
• Clear Objectives
• Effective Procedures
• Flexibility & Innovation
Standard Control Model
The standard control model is setting standards, measuring performance, and correcting variances using feedback loops.
Objectives:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with laws and regulations
[Figure: feedback loop with the stages Objectives; Performance Standard; Design Reporting System; Actual Performance; Actual versus Standard; Take Action to Adjust; Review and Monitor]
Controls at their best:
• Agreed roles and responsibilities
• Documentation that is verified
• Record of income and accountability
• Segregation of duties
• Review and monitoring committee
• Frequent checks
Source: Pickett, K.H. (2001). Internal Control: A Manager’s Journey. New York: John Wiley & Sons, Inc.
Control Techniques
Controls can be viewed as a series of concentric circles. There are myriad processes within a health system, and the necessary controls to achieve the objectives zero in to ever-tightening focus. Target the revenue cycle controls that mitigate the identified risks.
Prevention techniques are designed to provide reasonable assurance that only valid transactions are recognized, approved and submitted for processing. Many of the preventive techniques are applied before the processing activity occurs.
• Segregation of Duties (Preventive – Manual)
• Configuration/Account Mapping Controls (Preventive – System)
Detection techniques are designed to provide reasonable assurance that errors and irregularities are discovered and corrected on a timely basis. Detection techniques normally are performed after processing has been completed.
• Reconciliations (Detective – Manual)
• Key Performance Indicators (Detective – Manual)
“Front-End” Controls
[Figure: revenue cycle wheel with the stages Scheduling/Verification/Pre-Certification/Pre-Admissions; Registration/Admission; Patient Care/Utilization Review/Care Coordination; Health Information Management/Medical Coding; Billing; Collections/Payment Posting; Account Follow-up; Delinquent Accounts/Collection Agency]
“Front-end” information is crucial to meeting Revenue Cycle control objectives. If information is not captured correctly, the entire billing process is compromised from the start.
“Front-End” Internal Controls
• Pre-Admissions for Scheduled Procedures/Admits
• Follow-up on Missed Appointments
• Validate ID and Insurance Card
• Required Data Fields
• Verify Insurance Eligibility
• MPI Maintenance & Cleanup
• Meet Regulatory Requirements
  – MSP Questionnaire
  – ABN
  – EMTALA
“Middle” Controls
[Figure: revenue cycle wheel]
The “middle” of the Revenue Cycle is where the tests, procedures, supplies, pharmaceuticals, and treatment administered to the patient are documented and codified for billing, regulatory reporting, and risk management purposes.
“Middle” Internal Controls
• Charge Master Review Committee
• Routine Code Updates
• Charge Review Nurse Audit
• Up-to-Date Charge Tickets
• Chart to Bill Audits
“Back-End” Controls
[Figure: revenue cycle wheel]
The “back-end” processes of Billing, Collections and Cash Posting are the final steps to turning patient encounters into net revenue. In theory, if everything is performed correctly up to this point, these processes should be automatic. However, that is rarely the case, and internal controls are needed to ensure the final steps of the Revenue Cycle are carried out effectively and efficiently.
“Back-End” Internal Controls
• Daily Billing Control Points Reconciliation
• Feedback loops to Clinical Departments, HIM
• Denial Management Reports
• Electronic Posting
• Lockbox
• Segregation of Duties
• Performance Metrics & QA
• Management approval through delegation of authority guidelines
Effects of Entropy
Effective Revenue Cycle internal controls ensure that the processes that make up the systems are current, relevant, effective, and efficient. If the controls are not properly maintained, over time the Revenue Cycle will break down.
Effects of Revenue Cycle entropy are:
• Inaccurate financial statements
• Loss of Revenue
• Financial Loss
• Regulatory Compliance Violations
• Staff Turnover / Lack of Motivation
• Patient Dissatisfaction
• Facility Closure
Effects of Internal Control
Establishing objectives and strengthening the controls to meet those objectives means positive returns for the health care provider. Risks are mitigated, staff are focused in the same direction, roles and responsibilities are defined, and there is accountability for results.
Returns can be seen in the form of:
• Accurate financial statements
• Improved Cash Flow
• Lower A/R Days
• Reduced Bad Debt
• Regulatory Compliance
• Patient Satisfaction
• Employee Satisfaction
• Healthy Work Environment
Internal Controls Summary
• The starting place for controls is to decide what you really want to do. Everything else flows from this.
• Control is about having an aim, making sure you have the means to achieve it, and managing those risks that can impair your ability to get there. It’s a driving force that moves you in the right direction, but it sets your energies within a framework of policies, guidelines, ethical rules, and accountability.
• It seeks to promote achievement but also depends on compliance with these policies.
• Also, it should provide safeguards against fraud and corruption and make sure value for money is secured.
Source: Pickett, K.H. (2001). Internal Control: A Manager’s Journey. New York: John Wiley & Sons, Inc.
Questions?