A Case for the Value and Importance of Independent Internal Auditors in Contracting for Fee-For-Service, Alternative, and Value-Based Mental and Behavioral Health Services
A State of Oregon Healthy Contracts Discussion Outline
Oregon Healthplans currently operate without a specific state law mandating the use of independent certified internal auditors or requiring these internal auditors to report directly to their board or independent audit committee. However, state audit practices align with principles of auditor independence to ensure effective oversight, particularly in the administration of Medicare, Medicaid or taxpayer funds. Best practices in internal auditing, recommended by bodies like the Institute of Internal Auditors (IIA), and the U.S. Office of Inspector General (OIG), emphasize the importance of transparency, accountability, and compliance. Legislating or voluntarily adopting these best practices can significantly enhance the integrity and effectiveness of Healthplan contracting operation, ensuring they meet regulatory standards, and achieve shared values and objectives using controls that a reliable, valid, useful and and provide high-quality care. This article considers the current landscape of internal auditing in Oregon's Healthplans providing guidance outlines for discussion of the advantages and challenges of retaining independent certified internal auditors.
For more information see:
Definitions for Healthy Contracts.
https://www.mentorresearch.org/healthy-contracts-bill-definitionsImportance of Transparent Shared Values, Objectives, Controls, Key Indicators of Success, Tests of Design, and Tests of Effectiveness in Value-Based Payment Contracts for Mental and Behavioral Health Services.
https://www.mentorresearch.org/importance-of-shared-values-objectives-indicators-of-successWhat is a Control Library?
https://www.mentorresearch.org/control-library
Internal Audit Overview:
1. Internal Audit Function:
The internal audit function in Oregon state agencies is designed to be an independent, objective assurance and consulting activity aimed at adding value and improving operations. This function focuses on fiscal accountability and performance, providing management with appraisals, analyses, and recommendations concerning the activities reviewed.
2. Statewide Internal Audit Coordination:
The Oregon Department of Administrative Services (DAS) oversees the coordination of internal audit activities across state government to promote effectiveness. This includes the Chief Audit Executive Council (CAEC), which helps coordinate and share information to enhance the effectiveness of internal audits among state agencies.
3. Reporting Structure:
Best practices recommended by the Institute of Internal Auditors (IIA) suggest that internal auditors should report functionally to an independent audit committee or a board of directors, ensuring their independence from operational management. This practice is crucial for maintaining objectivity and providing unbiased evaluations of the organization’s activities.
4. Compliance and Oversight:
The Oregon Secretary of State's Audits Division conducts audits to ensure compliance with state and federal regulations, including those related to the administration of Medicare and Medicaid funds. These audits help ensure that health plans and other state agencies are using public funds appropriately and effectively.
U.S. Office of Inspector General (OIG) provides guidance on the appropriate and inappropriate reporting structures
The U.S. Office of Inspector General (OIG) provides guidance on the appropriate and inappropriate reporting structures for internal auditors, particularly in the context of healthcare organizations. The OIG emphasizes the importance of independence and objectivity for internal auditors to ensure effective oversight and compliance.
Key Points on Reporting Structure for Internal Auditors:
1. Independence and Objectivity:
Internal auditors must maintain independence from the areas they audit to ensure unbiased evaluations.
The reporting structure should support the independence of the internal audit function, avoiding conflicts of interest and undue influence from management.
2. Direct Reporting to the Board or Audit Committee:
The OIG recommends that internal auditors report directly to the board of directors, the audit committee, or another governing body rather than to senior management.
This structure helps ensure that internal auditors have the authority and support needed to perform their duties effectively and without interference.
3. Access to Senior Management and the Board:
Internal auditors should have unrestricted access to senior management and the board of directors to discuss audit findings, risks, and recommendations.
Regular and open communication with the board and audit committee is essential for addressing significant issues and ensuring that management implements corrective actions.
4. Dual Reporting Relationships:
The OIG supports a dual reporting relationship where internal auditors report functionally to the audit committee or board of directors and administratively to the organization's CEO or another senior executive.
This dual structure balances the need for independence with the practical requirements of day-to-day operations, such as budgeting and human resources.
5. Inappropriate Reporting Structures:
Reporting structures where internal auditors are subordinate to the areas they audit, such as reporting to the CFO while auditing financial controls, are deemed inappropriate.
Such structures can compromise the auditors' independence and lead to biased or incomplete audit findings.
OIG Compliance Program Guidance:
The OIG has issued compliance program guidance for various healthcare sectors, including hospitals, nursing facilities, and other healthcare providers. These documents often highlight the role of internal auditors and the importance of their independence in maintaining an effective compliance program.
Example from OIG Guidance:
In the "OIG Compliance Program Guidance for Hospitals," the OIG states:
"To maintain independence, the compliance officer should report directly to the hospital's CEO and the governing body. However, the compliance officer may also report to the hospital's General Counsel or another designated officer, as long as the compliance officer has direct access to the governing body."
This guidance underscores the importance of an independent reporting structure that allows internal auditors and compliance officers to perform their roles effectively without undue influence.
The U.S. Office of Inspector General provides clear guidance on the appropriate reporting structures for internal auditors in healthcare organizations to ensure their independence and effectiveness. Adhering to these guidelines helps organizations maintain robust compliance programs and effectively manage risks. For detailed information, organizations should refer to the specific OIG compliance program guidance relevant to their sector.
Examples and Guidance for Healthplans which are Integrated Delivery Networks
There are examples and guidance available for Healthplans that are also healthcare systems using internal auditors. These dual-role organizations, often referred to as integrated delivery networks (IDNs), benefit from internal auditing to ensure compliance, operational efficiency, and the effectiveness of both Healthplan operations and healthcare services. Examples of IDNs include Providence Healthplan and Kaiser Permanente.
Guidance and Use Cases
1. Institute of Internal Auditors (IIA) Guidance:
The IIA provides comprehensive guidance on internal auditing in healthcare organizations. The IIA’s Practice Guide: Internal Auditing in the Healthcare Industry offers specific advice on risk management, compliance, and operational audits tailored for healthcare systems and Healthplans.
The guide emphasizes the importance of internal auditors maintaining independence, having direct access to the board of directors or audit committee, and possessing expertise in healthcare regulations and standards.
2. American Health Lawyers Association (AHLA):
The AHLA provides resources and guidance on compliance and internal audits in healthcare. Their publications often discuss best practices for Healthplans and healthcare systems to use internal auditors effectively.
They highlight the need for internal auditors to focus on areas such as billing and coding compliance, adherence to value-based payment models, and the integration of clinical and financial data.
3. Centers for Medicare & Medicaid Services (CMS) Compliance Programs:
CMS requires Healthplans, particularly those offering Medicare Advantage and Part D plans, to have effective compliance programs. These programs often include internal auditing functions to monitor compliance with CMS regulations.
CMS provides guidance through its Medicare Managed Care Manual and Medicare Prescription Drug Benefit Manual, which outline expectations for internal audits and compliance activities.
Use Case Examples
1. Kaiser Permanente:
As one of the largest integrated healthcare systems in the U.S., Kaiser Permanente utilizes a robust internal auditing function to ensure compliance and operational efficiency. Their internal auditors review both Healthplan operations and healthcare delivery processes.
Kaiser’s internal audit department focuses on risk management, regulatory compliance, fraud prevention, and the effectiveness of internal controls. They also assess the implementation of value-based care initiatives.
2. Geisinger Health System:
Geisinger is another example of an integrated healthcare system that uses internal auditors to oversee both Healthplan and healthcare service operations. Their internal audit team plays a crucial role in monitoring compliance with federal and state regulations, particularly regarding their innovative payment models and care delivery strategies.
Geisinger’s auditors also evaluate the performance of their value-based payment models, ensuring that these initiatives achieve their intended outcomes of improved care quality and cost efficiency.
3. Intermountain Healthcare:
Intermountain Healthcare employs internal auditors to maintain oversight of their Healthplan and healthcare services. Their audit functions include evaluating financial reporting accuracy, compliance with healthcare regulations, and the effectiveness of their integrated care delivery systems.
Intermountain’s internal audit team is involved in assessing the performance of their value-based care contracts, ensuring that these models align with their goals of enhancing patient care and reducing costs.
Key Focus Areas for Internal Auditors in Integrated Healthcare Systems:
1. Compliance Monitoring:
Ensuring adherence to federal and state healthcare regulations.
Monitoring compliance with value-based payment model requirements.
2. Operational Efficiency:
Assessing the efficiency and effectiveness of healthcare delivery processes.
Evaluating the integration of clinical and administrative functions.
3. Risk Management:
Identifying and mitigating financial, operational, and compliance risks.
Implementing and monitoring internal controls to prevent fraud and abuse.
4. Performance Evaluation:
Reviewing the outcomes of value-based care initiatives.
Assessing patient satisfaction and quality of care metrics.
5. Financial Audits:
Ensuring accurate financial reporting and billing practices.
Monitoring the financial performance of Healthplan operations and healthcare services.
Guidance from organizations like the IIA, AHLA, and CMS, as well as use case examples from integrated healthcare systems like Kaiser Permanente, Geisinger, and Intermountain Healthcare, demonstrate the critical role internal auditors play in ensuring compliance, efficiency, and effectiveness. These examples highlight best practices and provide valuable insights for other Healthplans and healthcare systems looking to implement or enhance their internal audit functions.
Examples And Guidance for Healthplans Which Are NOT Part Of Integrated Delivery Networks
Health plans that are not part of an integrated delivery system can effectively use internal auditors to create, implement, and manage alternative and value-based contracts for mental and behavioral health services by focusing on several key areas. Here’s a detailed approach:
Role of Internal Auditors in Alternative and Value-Based Contracts
1. Contract Development and Review
Compliance and Risk Assessment: Internal auditors should assess proposed contracts for compliance with relevant laws and regulations, identifying any potential risks. This includes ensuring that contracts adhere to federal and state healthcare regulations, such as those from CMS.
Stakeholder Input: Gather input from various stakeholders, including legal, compliance, finance, and clinical departments, to ensure contracts are comprehensive and address all necessary aspects of mental and behavioral health services.
2. Implementation Oversight
Training and Education: Ensure that all involved parties, including providers and internal staff, are properly trained on the terms of the contracts and the expectations for value-based care.
Process Integration: Work with operational teams to integrate new contract terms into existing workflows, ensuring that the necessary systems and processes are in place to support alternative payment models.
3. Ongoing Monitoring and Evaluation
Performance Metrics: Establish clear metrics to evaluate the performance of value-based contracts. This includes quality of care, patient outcomes, provider performance, and cost-effectiveness.
Regular Audits: Conduct regular audits to ensure that contracts are being followed correctly and that expected outcomes are being achieved. This includes verifying that providers are meeting quality and performance standards and that payments are being processed correctly.
4. Compliance and Fraud Prevention
Compliance Monitoring: Continuously monitor for compliance with contract terms and regulatory requirements. Use data analytics to detect any anomalies or patterns that may indicate non-compliance or fraud.
Fraud Prevention: Implement robust fraud prevention measures, such as thorough vetting of providers, regular audits, and real-time monitoring of claims and billing practices.
5. Feedback and Improvement
Provider Feedback: Gather regular feedback from providers on the effectiveness of the contracts and any challenges they face in meeting the terms.
Continuous Improvement: Use audit findings and provider feedback to continuously refine and improve the contracts and the processes supporting them. This includes adjusting performance metrics, payment structures, and support systems as needed.
Detailed Steps for Implementation
1. Pre-Contract Phase
Market Analysis: Assess the market to understand the needs and capabilities of mental and behavioral health providers.
Risk Assessment: Identify potential risks associated with value-based contracts and develop mitigation strategies.
Contract Drafting: Work with legal and compliance teams to draft contracts that are clear, fair, and aligned with the goals of value-based care.
2. Contract Implementation Phase
System Integration: Ensure that internal IT systems and processes can support the new contract terms, including data collection, reporting, and payment processing.
Provider Engagement: Engage with providers to explain the new contracts, address any concerns, and provide training on new processes and expectations.
3. Post-Implementation Phase
Ongoing Monitoring: Use data analytics and regular audits to monitor compliance and performance. Track key metrics such as patient outcomes, quality of care, and cost savings.
Issue Resolution: Develop a process for addressing any issues or disputes that arise, ensuring timely and effective resolution.
4. Review and Adjustment Phase
Performance Review: Conduct periodic reviews of contract performance, using data and feedback to assess the effectiveness of the contracts.
Contract Adjustment: Make necessary adjustments to the contracts based on audit findings, performance data, and provider feedback. This ensures that the contracts remain relevant and effective in achieving the goals of value-based care.
By leveraging the expertise of internal auditors, Healthplans that are not part of an integrated delivery system can effectively manage alternative and value-based contracts for mental and behavioral health services. This approach ensures compliance, enhances performance, and mitigates risks, ultimately leading to improved patient outcomes and cost-effectiveness.
How Can Healthplans Ensure Independent Certified Internal Auditors (CIAs) Can Be Truly Independent?
Ensuring that Independent Certified Internal Auditors (CIAs) are truly independent is crucial for maintaining the integrity and credibility of their audits, particularly in the context of health plans. Here are key strategies and example requirements based on Federal or State law to ensure their independence:
Strategies to Ensure Independence
1. Clear Reporting Structure
Direct Reporting to Audit Committee: Internal auditors should report directly to the audit committee of the board of directors, rather than to the management of the health plan. This minimizes potential conflicts of interest.
Separate from Management: Internal auditors should not have operational responsibilities or report to any executive with operational responsibilities.
2. Conflict of Interest Policies
Disclosure Requirements: Auditors must disclose any potential conflicts of interest before starting an engagement. This includes financial interests, relationships, or any other situation that could compromise their independence.
Recusal Policies: Implement policies requiring auditors to recuse themselves from auditing any area where a conflict of interest is identified.
3. Regular Rotation of Auditors
Term Limits: Set term limits for internal auditors to prevent long-term relationships that could impair objectivity. For example, auditors could be rotated every 3-5 years.
4. Third-Party Audits
External Validation: Periodically engage third-party auditors to review the work and independence of internal auditors.
5. Training and Certification Requirements
Certified Internal Auditor (CIA) Certification: Require auditors to hold CIA certification from the Institute of Internal Auditors (IIA), ensuring they adhere to professional standards and ethics.
Example Requirements For Independent Internal Auditors Based on Federal or State Law
1. Sarbanes-Oxley Act (SOX) – Federal Law
Section 301: Requires that internal auditors report directly to the audit committee. This ensures independence by placing auditors under the supervision of a group responsible for overseeing financial reporting and auditing.
Section 404: Mandates management and external auditors to report on the adequacy of the company's internal control on financial reporting. While primarily focused on external auditors, it underscores the importance of auditor independence.
Relevance to Oregon Health Plans
While SOX primarily applies to publicly traded companies, its principles of transparency, accountability, and the use of independent auditors can be relevant for Oregon health plans, particularly those that are publicly traded or operate within a corporate structure that requires adherence to stringent governance standards. The key principles of SOX can serve as a model for ensuring the independence of internal audit functions within health plans, even if these organizations are not legally required to comply with SOX.
Supporting the Mandatory Use of Independent Auditors:
Corporate Governance Best Practices: The principles embedded in SOX, such as independent auditing and the role of audit committees, are considered best practices in corporate governance. These can be adopted by Oregon health plans to enhance trust and accountability.
Risk Management: Independent audits help identify and mitigate risks, which is crucial for health plans to maintain financial stability and regulatory compliance.
Stakeholder Confidence: Adopting SOX-like practices can improve stakeholder confidence, as these measures demonstrate a commitment to transparency and integrity.
Application in Oregon
Oregon health plans can adopt SOX principles voluntarily or be required by state legislation to implement similar measures to ensure that their financial reporting and internal controls are independently reviewed, thereby enhancing overall governance and operational effectiveness. This could be formalized through state regulations or guidelines issued by the Oregon Health Authority (OHA).
By emphasizing the importance of independent auditors, these practices could align health plans with broader industry standards, ultimately benefiting policyholders and other stakeholders.
2. New York State Department of Financial Services (DFS) – State Regulation
Part 89 of the New York Codes, Rules and Regulations (NYCRR): Requires that internal auditors of regulated entities must not have any financial or personal ties to the organization they audit.
N.Y. Comp. Codes R. & Regs. tit. 11 § 89.16
Annual Certifications: Internal auditors must submit annual certifications confirming their independence and disclosing any potential conflicts of interest.
Relevance to Oregon Health Plans
N.Y. Comp. Codes R. & Regs. tit. 11 § 89.16, which governs the independence of internal auditors within insurance companies in New York, emphasizes the importance of organizational independence and direct reporting to the board of directors. While this regulation is specific to New York, its principles are highly relevant to Oregon health plans. These principles can be adopted in Oregon to enhance health plan governance, ensure transparency, and mitigate risks within health plans.
Key Aspects Relevant to Oregon Health Plans:
Organizational Independence: The requirement that internal auditors be independent from operational management and report directly to the board ensures that audits are unbiased and effective. This principle could improve the oversight and governance of health plans in Oregon.
Regular Reporting: Mandating that internal auditors regularly report to the audit committee or board of directors can help ensure ongoing compliance and prompt corrective actions, improving the financial health and operational integrity of Oregon health plans.
Supporting the Mandatory Use of Independent Auditors:
Best Practices in Corporate Governance: The adoption of similar regulations in Oregon could align health plans with national best practices, enhancing their credibility and trustworthiness.
Risk Management and Compliance: Independent auditors can play a crucial role in identifying risks and ensuring compliance with state and federal regulations, which is particularly important in the complex environment of health care.
Stakeholder Confidence: Adopting these practices can improve confidence among stakeholders, including policyholders, regulators, and investors, by demonstrating a commitment to transparency and accountability.
Implementing such standards in Oregon would not only align the state’s health plans with proven governance frameworks but also potentially improve the overall quality and reliability of healthcare services in the state.
Example Clauses to Include in Health Plan Policies
1. Independence Clause
“The internal audit function shall operate independently from management, reporting directly to the audit committee of the board of directors. Internal auditors shall not participate in any operational duties or decision-making processes.”
2. Conflict of Interest Disclosure
“All internal auditors are required to disclose any potential conflicts of interest prior to commencing an audit engagement. This includes any financial interests, relationships, or situations that could impair their objectivity.”
3. Rotation Policy
“To maintain objectivity, internal auditors will be rotated out of their audit assignments every three years. This rotation policy helps ensure fresh perspectives and mitigates the risk of long-term biases.”
4. External Review Clause
“The internal audit function will undergo an independent third-party review every five years to assess its compliance with independence requirements and the quality of its audit practices.”
By implementing these strategies and adhering to federal and state regulations, health plans can ensure that their internal auditors maintain true independence. This is essential for providing credible and unbiased assessments, ultimately leading to better governance and more effective management of alternative and value-based contracts for mental and behavioral health services.
An Independent Certified Internal Auditor (CIA) plays a crucial role in supporting fee-for-service (FFS), alternative, and value-based contracts. They can ensure compliance, enhance transparency, and safeguard the interests of various stakeholders, including health plans, purchasers, taxpayers, employers, providers, public health, and individual patients. Here’s a detailed overview of how they can achieve these goals:
Supporting Different Contract Models
Fee-for-Service (FFS) Contracts
Compliance Verification: Ensure that billing practices adhere to contract terms and regulatory requirements.
Fraud Detection: Identify and prevent fraudulent billing practices.
Performance Audits: Regularly review service delivery to ensure that providers are delivering the promised services.
Alternative and Value-Based Contracts
Performance Metrics: Establish and monitor key performance indicators (KPIs) to ensure that providers meet quality and efficiency standards.
Risk Assessment: Identify and mitigate risks associated with shared savings and risk-sharing arrangements.
Cost-Benefit Analysis: Evaluate the financial performance of contracts to ensure cost-effectiveness while maintaining high-quality care.
Protecting Stakeholders
1. Health Plans
Regulatory Compliance: Ensure that contracts comply with federal and state laws, reducing the risk of legal penalties.
Financial Integrity: Monitor financial transactions to prevent waste, fraud, and abuse.
2. Purchasers, Taxpayers, and Employers
Cost Efficiency: Ensure that health plans are cost-effective and provide value for money.
Transparency: Provide clear reporting on how funds are used and the outcomes achieved.
3. Providers
Fair Contracting: Ensure that contracts are fair and that providers are adequately compensated for their services.
Support and Guidance: Provide guidance on compliance and performance improvement.
4. Public Health and Individual Patients
Quality of Care: Ensure that contracts promote high-quality care and improve patient outcomes.
Access to Services: Monitor access to ensure that patients receive timely and appropriate care.
Using an Ethics Point Portal
An ethics point portal is a confidential platform that allows stakeholders to report unethical behavior, compliance issues, and other concerns. Here’s how it can support the objectives:
1. Reporting Mechanism
Anonymous Reporting: Allow stakeholders to report issues anonymously, encouraging more people to come forward without fear of retaliation.
Wide Access: Make the portal accessible to all stakeholders, including patients, providers, employees, and the public.
2. Issue Tracking
Documentation: Maintain records of all reported issues, including the actions taken to resolve them.
Follow-Up: Ensure timely follow-up and resolution of reported issues.
3. Compliance Monitoring
Regular Audits: Use the information from the portal to inform regular audits and compliance checks.
Risk Management: Identify patterns of non-compliance or areas of concern and take proactive measures to address them.
4. Transparency and Accountability
Public Reporting: Regularly publish summaries of reported issues and the actions taken, maintaining transparency and building trust.
Stakeholder Feedback: Use feedback from the portal to improve policies, procedures, and contract terms.
Implementation Steps
1. Establish Clear Policies
Define the role and responsibilities of internal auditors.
Develop comprehensive policies for FFS, alternative, and value-based contracts.
2. Training and Education
Train internal auditors on the specific requirements and objectives of each contract type.
Educate stakeholders on how to use the ethics point portal.
3. Regular Reviews and Audits
Schedule regular audits to assess compliance, performance, and financial integrity.
Use data analytics to identify trends and areas for improvement.
4. Continuous Improvement
Use feedback from audits and the ethics point portal to continuously improve contract terms and operational practices.
Implement best practices and lessons learned to enhance the effectiveness of contracts.
Independent Certified Internal Auditors play a vital role in supporting and protecting the interests of all stakeholders involved in healthcare contracting. By ensuring compliance, promoting transparency, and using tools like the ethics point portal, they can help create a fair, efficient, and effective healthcare system that benefits health plans, purchasers, taxpayers, employers, providers, public health, and individual patients.
Oregon state law does not specifically require that internal auditors employed by Healthplans must be independent of operational management and must report directly to the board or a committee thereof. However, best practices in corporate governance and internal auditing standards, such as those recommended by the Institute of Internal Auditors (IIA), emphasize the importance of independence and direct reporting lines to ensure objectivity and effectiveness in the internal audit function.
Example Requirements Based on Federal or State Law
1. New York State Department of Financial Services (DFS) – State Regulation
Part 89 of the New York Codes, Rules and Regulations (NYCRR): Requires that internal auditors of regulated entities must not have any financial or personal ties to the organization they audit.
Annual Certifications: Internal auditors must submit annual certifications confirming their independence and disclosing any potential conflicts of interest.
est Practices and Recommendations:
1. Institute of Internal Auditors (IIA) Standards
The IIA recommends that internal auditors should be independent of the operations they audit and should report functionally to the board or audit committee to maintain objectivity and independence.
This reporting structure helps prevent conflicts of interest and ensures that the internal audit function can effectively oversee and evaluate the organization’s activities.
2. Corporate Governance
Effective corporate governance practices suggest that internal auditors should have a dual reporting relationship. They should report administratively to the CEO or a senior executive for day-to-day operations but functionally to the audit committee for audit-related matters.
This structure ensures that internal auditors have the necessary support and resources while maintaining the independence required to perform their duties objectively.
3. Oregon Health Authority (OHA) and Compliance Programs
While not specific to internal auditor independence, the OHA oversees compliance with state and federal regulations for health plans, including those administering Medicare and Medicaid funds. Health plans are expected to implement robust compliance programs, which often include an independent internal audit function as a key component.
Implementation in HealthPlans:
Healthplans in Oregon, including those administering Medicare and Medicaid funds, should consider adopting these best practices to enhance their internal audit functions:
Establish Clear Reporting Lines: Internal auditors should report directly to the audit committee or board of directors, ensuring their independence from operational management.
Conflict of Interest Policies: Implement policies to identify and mitigate any potential conflicts of interest that may affect the internal auditors' objectivity.
Regular Reviews and Audits: Conduct regular reviews and audits of the internal audit function to ensure it remains independent and effective.
Training and Certification: Ensure that internal auditors are properly trained and certified, such as holding the Certified Internal Auditor (CIA) designation from the IIA.
While Oregon state law does not explicitly mandate the independence of internal auditors in health plans, adopting best practices in corporate governance and internal auditing can help ensure the effectiveness and objectivity of the internal audit function. Health plans should implement these practices to enhance oversight, compliance, and overall organizational integrity.
Retaining the Services of Independent Certified Internal Auditor: Advantages and Disadvantages
Retaining the services of independent internal auditors can offer several advantages and disadvantages for Healthplans, particularly in the context of transitioning from traditional fee-for-service contracts to alternative and value-based contracts. Here’s an analysis of the pros and cons:
Advantages:
1. Enhanced Independence and Objectivity
Unbiased Assessments: Independent internal auditors are more likely to provide objective evaluations of the Healthplan’s operations, financial reporting, and compliance with regulatory requirements.
Conflict of Interest Mitigation: External auditors are not part of the Healthplan’s management structure, reducing the risk of conflicts of interest that could bias the audit findings.
2. Expertise and Specialization
Specialized Knowledge: Independent auditors often bring specialized knowledge and expertise in healthcare regulations, accounting standards, and best practices for internal controls.
Up-to-Date Practices: They are more likely to be current with industry trends, regulatory changes, and emerging risks, providing valuable insights for Healthplans adopting new contracting models.
3. Credibility and Trust
Increased Credibility: Reports and findings from independent auditors can enhance the credibility of the Healthplan’s financial statements and internal controls with stakeholders, including regulators, investors, and the public.
Stakeholder Confidence: Independent audits can increase confidence among healthcare providers and purchasers that the Healthplan is committed to transparency and accountability.
4. Regulatory Compliance
Enhanced Compliance: Independent auditors can help ensure that the Healthplan adheres to applicable laws, regulations, and contractual obligations, reducing the risk of legal issues and penalties.
Identification of Weaknesses: They can identify weaknesses in the Healthplan’s internal controls and recommend improvements, promoting better regulatory compliance.
5. Support for Transition to Value-Based Models
Objective Evaluation of New Models: Independent auditors can provide an unbiased evaluation of the effectiveness and efficiency of alternative and value-based contracts, helping to refine these models and achieve shared values and objectives.
Risk Management: They can identify and assess risks associated with the new contracting models, providing recommendations for mitigating those risks.
Disadvantages:
1. Cost
Higher Expenses: Hiring independent certified internal auditors can be costly, particularly for smaller Healthplans with limited budgets.
Ongoing Fees: There are ongoing fees associated with periodic audits, which can add up over time.
2. External Dependence
Reliance on External Parties: Health plans may become reliant on external auditors for assessments and recommendations, potentially reducing the development of internal audit capabilities.
Variable Quality: The quality of the audit can vary depending on the expertise and diligence of the external audit firm.
3. Limited Internal Knowledge
Learning Curve: Independent auditors may need time to understand the specific operations, culture, and challenges of the Healthplan, which could delay the audit process.
Contextual Understanding: External auditors might lack the nuanced understanding of the Healthplan’s internal processes and historical context compared to internal auditors.
4. Potential for Adversarial Relationships
Tensions with Management: Independent auditors’ findings and recommendations may sometimes lead to tensions or adversarial relationships with the Healthplan’s management.
Resistance to Change: Management may resist implementing recommendations from external auditors, especially if they perceive them as disruptive or misaligned with the organization’s goals.
5. Regulatory and Contractual Challenges
Complex Regulations: Independent auditors must navigate complex healthcare regulations, which can be challenging and time-consuming.
Integration with Existing Controls: Ensuring that recommendations from independent auditors align with existing controls and practices may require significant effort and coordination.
Retaining independent internal auditors can provide significant benefits for Healthplans, particularly in ensuring objectivity, enhancing regulatory compliance, and supporting the transition to value-based contracting models. However, it also comes with challenges, including higher costs, potential tensions with management, and the need for auditors to develop a thorough understanding of the Healthplan’s unique operations. Health plans must weigh these advantages and disadvantages carefully to determine the best approach for their specific circumstances and goals.
Health Plan Internal Audit Independence Act
the regulatory framework outlined in N.Y. Comp. Codes R. & Regs. tit. 11 § 89.16 could potentially be adopted for use in Oregon to govern health plans. This framework establishes rigorous standards for internal audit functions, emphasizing organizational independence, direct access to the board of directors, and regular reporting to the audit committee. Adopting similar regulations in Oregon could enhance the accountability and transparency of health plans operating within the state.
Steps for Adoption in Oregon:
Legislative Action: The Oregon Legislature could pass a bill that incorporates the key provisions of NYCRR tit. 11 § 89.16. This would require coordination between state lawmakers, the Oregon Health Authority (OHA), and the Oregon Department of Consumer and Business Services (DCBS).
Rulemaking by the Oregon Health Authority (OHA): The OHA could propose regulations mirroring the New York requirements, particularly focusing on ensuring the independence of internal auditors for health plans. Public hearings and stakeholder feedback would be critical in this process.
Adoption by Health Plans Voluntarily: Oregon-based health plans might also adopt these standards voluntarily as part of their corporate governance practices, even without state-mandated regulations, to enhance their credibility and operational integrity.
Potential Benefits:
Improved Governance: Ensures that internal audits are conducted without undue influence from management, leading to more objective evaluations of compliance and risk management.
Enhanced Accountability: Regular reporting to the board and audit committee can help address issues more promptly, safeguarding the interests of policyholders and other stakeholders.
Alignment with Best Practices: Aligning with a regulatory framework that is already in use in another state can help Oregon health plans benchmark against national standards.
Considerations:
Legal Adjustments: The regulatory language may need to be adjusted to fit the specific legal and operational context of Oregon.
Stakeholder Involvement: Engaging health plans, auditors, and the public in the rulemaking process will be essential to ensure the adopted standards are practical and effective.
Next Steps:
Engage with Oregon's legal and regulatory authorities to explore the feasibility and implications of adopting similar regulations. This may involve drafting model legislation, conducting impact assessments, and holding consultations with relevant stakeholders.
For more information on the current requirements for health plans in Oregon, you can refer to the Oregon Administrative Rules (OARs) and the Oregon Health Authority (OHA) guidelines.
Oregon Revised Statutes – Health Plan Internal Audit Independence Act
Section 1. Short Title. This Act shall be known and may be cited as the "Health Plan Internal Audit Independence Act."
Section 2. Definitions. For the purposes of this Act:
(a) "Health Plan" refers to any organization operating within the state of Oregon that provides health insurance coverage, including but not limited to Health Maintenance Organizations (HMOs), Preferred Provider Organizations (PPOs), and other managed care organizations.
(b) "Internal Audit Function" refers to the process of evaluating and improving the effectiveness of risk management, control, and governance processes within a health plan.
(c) "Board of Directors" refers to the governing body of the health plan responsible for oversight of its operations.
Section 3. Establishment of Internal Audit Function.
(a) Every health plan operating in the state of Oregon shall establish an internal audit function. This function shall be responsible for performing general and specific audits, reviews, tests, and employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and ensure compliance with policies and regulations.
(b) The internal audit function shall be organizationally independent to ensure objectivity. Internal auditors shall not defer ultimate judgment on audit matters to other persons and shall report to an individual appointed as the head of the internal audit function.
Section 4. Reporting and Independence Requirements.
(a) The head of the internal audit function shall have direct and unrestricted access to the Board of Directors or a designated committee thereof.
(b) The internal audit function must be structurally independent from the operational management of the health plan. This independence must include a dual-reporting relationship:
(i) Administratively to the Chief Executive Officer (CEO) or equivalent senior executive for day-to-day operations.
(ii) Functionally to the audit committee of the Board of Directors or an equivalent governing body for strategic direction and accountability.
(c) The head of the internal audit function shall report to the audit committee or Board of Directors at least annually on:
(i) The internal audit plan and any factors adversely impacting the independence or effectiveness of the audit function.
(ii) Significant findings from completed internal audits.
(iii) The appropriateness of corrective actions taken by management based on internal audit findings.
Section 5. Exemptions.
(a) Health plans with annual direct written and unaffiliated assumed premiums of less than $500 million may be exempt from the requirements of this Act.
(b) If a health plan qualifies for an exemption but later exceeds the threshold, it must comply with the requirements of this Act within one year of exceeding the threshold.
Section 6. Implementation and Compliance.
(a) The Oregon Health Authority (OHA) shall be responsible for overseeing the implementation of this Act.
(b) The OHA shall issue guidelines to assist health plans in complying with the requirements set forth in this Act.
Section 7. Effective Date.
This Act shall take effect on January 1, 2025.
Commentary: This model legislation closely mirrors the structure and key provisions found in New York's regulations while adapting them to Oregon's context. It addresses the need for organizational independence of the internal audit function within health plans, establishing clear reporting lines to ensure that auditors can perform their duties objectively.
Adopting such legislation in Oregon would enhance corporate governance within health plans, leading to greater accountability and transparency, ultimately benefiting policyholders and stakeholders.
This draft serves as a starting point and may require further refinement to fit Oregon's specific legal and regulatory environment. Consultation with legal experts and stakeholders in Oregon is recommended to finalize the legislation.
DISCLAIMER and PURPOSE: This discussion document is intended for training, educational, and or research purposes only. The information contained herein is based on the data and perspectives available at the time of writing. It is subject to revision as new information and viewpoints emerge.
For more information see: https://www.mentorresearch.org/disclaimer-and-purpose