Evaluating internal financial reporting controls

Healthcare Financial Management, August, 2005 by Norman H. Godwin, Jennifer M. Mueller

INTERNAL CONTROL EVALUATION TEMPLATE

(A)

Business unit                   Outpatient Surgery

Business unit manager           [Name]

Process                         Admission of patients to outpatient
                                surgery

Process objective(s) related    To efficiently and effectively
to financial reporting          collect appropriate patient
                                information to facilitate billing
                                and manage the hospital's liability
                                with respect to the patient

Responsible for process         [Name and title]

(B)

Risk Assessment

Risk Identified in the Process     Damage ($)   Likelihood (%)
(what could go wrong)              H/M/L        H/M/L

Receipt of invalid insurance       M            M
policy number from patient
(requiring reconciliation and
collection, if possible)

(C)

                             Control Evaluation

Controls Identified   Type  Employee Responsible  Information Output
(policies, proce-     P/D   (if different from    Related to Control
dures, standards)           process owner noted   (reports, documenta-
                            above)                tion, data files,
                                                  etc.)

Obtain valid          P     Admissions clerk      --
identification from
patient

Verify coverage with  P     Admissions clerk      --
insurance provider
(either by phone or
network)

Perform timely        D     Accounts receivable   Edit report of
analysis of rejected        clerk (billing        rejected claims
claims (insurance           department)
collections process)

(D)

Effectiveness   Notes Regarding Effec-
   E/NI/I       tiveness of Control

      E         --

     NI         Often fail to perform due
                to time constraints

     NI         Analysis often delayed
                due to backlog

(E)

             Gap Analysis

Gap          Notes Regarding the Gap
NG/MG/G

MG           Failure to properly verify coverage and
             promptly respond to rejected claims creates
             a financial exposure and ineffective
             collection of receivables.

   (F)

Action Plan

Action Plan
Reference

Abbreviation Key:

Risk Assessment

H = high; M = medium; L = low

Control Type

P = preventive; D = detective

Control Effectiveness

E = effective; NI = needs improvement;
I = ineffective

Gap Analysis

NG = no gap; MG = marginal gap; G = gap

Section 404 of the Sarbanes-Oxley Act of 2002, known as the "internal controls section," requires publicly traded companies to have internal financial reporting controls in place and to be able to state that those controls are effective. Although Section 404 does not apply to not-for-profits, similar requirements may be on the horizon, and many healthcare organizations are evaluating their financial reporting controls as if they are subject to Section 404.

Does your organization understand its internal financial reporting controls? Periodic reviews of such controls are critical to the integrity of your financial reporting. The accompanying tool, an evaluation template for financial reporting practices, can be used to document this review.

Identify Business Processes

When evaluating internal financial reporting controls, first determine the key business processes within the organization that affect its financial statements. Then identify the objective(s) of each process, as well as the individual responsible for that process (see Part A of the evaluation template).

Identify What Can Go Wrong

In the next step, consider what could go wrong within those processes. Each risk should be evaluated along two dimensions: potential financial damages and likelihood of occurrence. Documenting the seriousness of each risk will help you prioritize any plans of action generated from the evaluation (see Part B).

Identify the Controls

Following the risk assessment, identify the controls in place that reduce the possibility of those risks, as well as the employee responsible for completing that control procedure. The controls should then be classified as either preventive (they attempt to keep a problem from occurring) or detective (they alert someone that a problem has occurred). Although organizations need both types of controls, a high ratio of detective to preventive controls may indicate a weaker control environment (see Part C).

Evaluate the Controls

In this essential step, evaluate the effectiveness of each control. Several ways to determine effectiveness are to observe employees performing their job functions; examine evidence of completed controls on documents; and review complaints from clients, customers, or other business units within the organization. When conducting the evaluation, use standard responses (e.g., effective, needs improvement, ineffective) so that problematic controls can quickly be identified and actions can easily be prioritized (see Part D).

Analyze the Gaps

Once your evaluation is complete, identify the gaps through which the organization is exposed. To identify gaps, look for risks for which no controls (or only detective controls) exist, and for existing controls that are not functioning properly (see Part E).

 


Content provided in partnership with Thompson Gale