The Role of Internal Audit in a Compliance Program

1
The Role of Internal Audit in a Compliance
Program

• Presented by
• David B. Crawford, CIA, CPA
• Audit Manager
• U.T. System Audit Office

2
U. T. System Components
6 Health Institutions
U. T. Southwestern Medical Center - Dallas
U. T. Health Center - Tyler
U. T. Health Science Center - Houston
U. T. Health Science Center - San Antonio
U. T. M.D. Anderson Cancer Center - Houston
U. T. Medical Branch - Galveston
5
3
U. T. System Health Component Facts

• Operating Budget - Health Components
• 3.8 Billion
• Health Component Facilities
• 3 Hospitals
• 4 Medical Schools
• 2 Dental Schools
• 7 Nursing Schools

6
4
U. T. System Health Component Facts (Continued)

• The U. T. System operates the second largest
  academic health care system in the nation.
• 824 million annually in indigent care
• 95,000 hospital admissions annually
• 3.8 million outpatient visits annually
• Health Component Research exceeds 500 million
  per year
• Two-Thirds Students in Texas public health
  institutions

7
5
Topics

• Background
• Roles of the Internal Audit Department
• Relationship Between Internal Audit Department
  and Institutional Compliance Function
• Role as Auditor
• Wrap-up and QA

6
Background

• The University of Texas System
• Why an Institutional Compliance Program
• Internal Audits Initial Involvement
• The Action Plan

7
Roles of the Internal Audit Department

• Facilitator
• Trainer
• Consultant
• Auditor

8
Relationship Between Internal Audit Department
and Institutional Compliance Function

• Who Does What
• Avoid Duplications and Ambiguous Accountability
• Levels of Internal Control

9
Levels of Control

• The slides on this concept have been removed from
  this presentation. To see a discussion of this
  new concept return to the Resources page of our
  website and click on
• Internal Audit Assurance Role

10
Role as Auditor

• Risk-Based Compliance Plan Design Audit
• High-Risk Area Audits
• Departmental Audits
• Peer Review Team Leader

11
Risk-Based Compliance Plan Design Audit

• Criteria established by Action Plan
• Audit is a Gap analysis
• Key criteria
• Infrastructure in Place
• Risk Assessment Acceptable
• High Risk Areas Identified
• General Compliance Training Identified
• Confidential Reporting Mechanism Available
• Self Assessment Defined

12
High-Risk Area Audits

• Single Responsible Party
• Monitoring Plan
• Specialized Training Plan

13
Departmental Audits

• Identify key compliance controls for high-risk
  areas
• Identify the high-risk areas that affect each
  department
• Ensure the key compliance controls are operating
  for all high-risk areas that affect the department

14
Peer Review Team Leader

• Perform Annually
• Review Risk Assessment Process
• Review Activity v. Plan
• Compare Results to Activity Reported to
  System-wide Compliance Committee
• Review the Self Assessment
• Prepare Report on the Institutional Compliance
  Program results v. plan

15
Wrap-up

• Internal Audits Roles
• Division of Responsibilities between I/A and
  Compliance
• What kinds of Audit Work is Performed

16
Contact Information

• Web site www.utsystem.edu/aud/resources
• E-mail dcraw.utsystem.edu
• Phone 512-499-4767
• Fax 512-499-4550
• Address 201 W. 7th ASH5, Austin, Texas
  78701