New regulations, increasingly stringent compliance requirements, and increased stakeholder expectations are taking a heavy toll on companies across a wide array of industries, particularly finance and healthcare. In order to help ensure compliance and avoid fines that could significantly impact the bottom line, Self Regional Healthcare (SRH), an acute care hospital in Greenwood, South Carolina, USA, has worked hard to stay ahead of the curve. Deadlines to implement new systems and processes under the Patient Protection and Affordable Care Act loom large; Anna Cuson, Senior Internal Auditor, and the internal audit team have been facing the challenges head on.
Strategic Risk-Based Auditing
Risk management, regulatory compliance, and transparency are always critical areas for auditors and business executives, but during times of regulatory change these areas must be closely and continuously monitored. Otherwise, minor issues can quickly grow into massive problems. Self Regional’s internal audit department proactively took steps to provide management with straightforward answers about which risks are top priority based on likelihood and impact. It was clear early on, however, that the department would be required to do more without additional staff or resources.
Data-Driven Audit Management
As part of their risk-based audit strategy, Cuson planned a comprehensive risk assessment at all levels of the organization including function level, the C-Suite, and the Board of Trustees (Board). Management was also looking for ways to automate the process. Cuson needed to roll out the risk assessment, collect and analyze results, and present the audit plan to the Board within six weeks.
To ensure that nothing fell through the cracks, the internal audit team considered risks at all levels. In this case it was crucial to view the full population of risks related to key activities including patients, records, common practices, management concerns, staffing levels, and other risks present within a healthcare entity. Given the tight deadline to turn around a clear and concise report for stakeholders, it was necessary to implement a flexible solution that would allow Internal Audit to store historical data and accommodate adjustments to the audit plan based on SRH’s needs. To effectively tackle the multitude of challenges, SRH’s Internal Audit deployed ACL™ GRC, an audit management software solution that manages the process of assessing risk, planning and organizing projects, analyzing data, communicating issues, and visually sharing findings.
Seamless Audit Process & Executive Reporting
Historically, the audit process involved disparate solutions, including data analytics tools, Microsoft Excel, Word, and PowerPoint. In addition, audit reports had to be separated into different versions to address the needs of specific stakeholders: one for the business owner, another for the audit committee, and a high-level report for the Board. Producing multiple levels of reporting — and managing edits across all versions — required a significant time commitment. Cuson and her team needed every hour spent on this task to be focused on value-add activities. With ACL GRC’s ability to collect and visualize findings, internal audit is able to focus on presenting data that explains issues rather than spending time on redundant clerical tasks that add no value. For example, instead of adjusting the report for each stakeholder by overhauling entire spreadsheets and then transferring information to the preferred version of the document, the auditors were able to simply adjust a setting in the ACL GRC system and immediately deliver the desired information. The entire audit history was saved automatically in one place and everything could be accessed by any professional across different departments through the user-friendly interface of the cloud-based platform.
Reducing Time Spent on Administrative Tasks by 75%
“Not only did we meet our deadline, but time spent on administrative tasks was reduced by 75 percent, allowing us to expand our scope of audits and allocate more time toward one-on-one time with management,” said Cuson.
The visual, easy-to-decipher reports have been a hit throughout the organization. Executives and Board members can identify specific risks and the impact each risk would have, allowing them to prioritize issues quickly and to develop a remediation plan for potential damage.
“ACL GRC was instrumental in meeting our deadline and delivering comprehensive reporting that exceeded the initial goal,” said Cuson. “While the software took care of the time consuming administrative tasks, my team was able to focus on audits for the risk assessment and delivering the highest quality information to executives and the board of trustees — valuable insight into risks and opportunities for which our internal audit team is now sought after.”