
Auditing Your Program and Developing Initiatives

Helen Streck, President/CEO. Workshop agenda: Introductions; Understanding Audits; Lifecycle and Elements of an Audit; Planning and Scoping Your Audit; Findings and Developing Initiatives.


Presentation Transcript


  1. Auditing Your Program and Developing Initiatives Helen Streck President/CEO

  2. Workshop Agenda • Introductions • Understanding Audits • Lifecycle and Elements of an Audit • Planning and Scoping Your Audit • Findings and Developing Initiatives

  3. Introduction

  4. Introduction • Importance of Good Recordkeeping • Values for a RIM Program • Knowing Your Requirements • Strategic Review of Risks • Drivers for Continuous Improvement • Auditing’s Input

  5. Value of RIM IF - Information is a key asset to an organization then RIM • Establishes the controls for compliance • Improves efficiency • Element of reasonableness • Removes costs when value no longer exists • Facilitates effective/efficient decision making • Improves system performance

  6. Elements of a RIM Program

  7. Knowing Your Requirements • SEC 17-A, sections 3 & 4 • HIPAA • Government Paperwork Elimination Act • FACTA • USA Patriot Act • NASD 3110 • Check 21 • NASD 3010 • NYSE 342 • Gramm-Leach-Bliley Act • Sarbanes-Oxley Act

  8. Drivers for Continuous Improvement • Industry Competition • Data Storage Costs • Excessive Costs of eDiscovery – Obsolete Data • Rising Costs of Human Labor • “Personalization” of Information • Increased Regulations and Inspections • Over-Regulating

  9. Using Audits for Improvement This session will focus on how to plan and use an Audit to aid a RIM Program in building the improved services that meet the needs for continuous improvement

  10. Understanding Audits

  11. Defining an Audit A RIM audit is an independent, objective activity designed to “add value and improve” an organization’s operations for creating and managing information.

  12. Natural Order

  13. Understanding Audits • Independent Objective Evaluation • Provide Assurances • Compliance • Efficiencies • Effectiveness • Evaluates • Governance • Controls • Risk Management

  14. Auditing Characteristics • Holistic Approach • Consistent with Org’s Mission and Goals • Prioritized on a Risk-Based Approach • Conducted Routinely • Outside-Looking-In View

  15. Audit’s Value Statement • Proves controls via documentation and evaluation • Checks for controls that reduce or eliminate unabated information growth • Ensures the application of rules that eliminate obsolete information that may be discoverable • Determines the effectiveness of procedures • Identifies isolated instances of duplication

  16. Evaluating Risk Exposure • Audits must evaluate risk exposure • Reliability and Integrity of Information • Effectiveness of Programs and Services • Efficiency of Operations • Safeguards of the Information Assets • Compliance with Laws, Regulations, Policies

  17. Risks with Poor RIM Programs • Loss of Intellectual Property • Delayed Decision-making/Filings • Increased Technology Costs • Increased eDiscovery Costs/Penalties • Poor System/Operational Responsiveness • Decreased Competitiveness • Unmanaged Liability

  18. Using Industry Standards • Use industry standards and best practices to benchmark • GARP • ISO and ANSI standards • Best Practices • Sedona Principles

  19. Elements of Compliant Programs • Accountability • Integrity • Information protection • Compliance • Information is available • Retention • Disposition • Transparency Generally Accepted Recordkeeping Practices www.arma.org

  20. Audit Lifecycle

  21. Audit Cycle (diagram: Planning, Preparation, Performance, Reporting, Follow-up)

  22. Steps in an Audit • Planning • Define purpose, scope, criteria and objectives • Prioritize based on risk

  23. The Purpose • Start with defining the purpose of the audit – sets the tone • Looking for mistakes • Complying with requirements • Seeking opportunities to improve • Define the expected outcomes • What are the actions to follow

  24. The Purpose • Why • To meet regulatory requirements • To verify the controls established to protect PHI • To check the processes that document the use of public funds • Outcomes • Report of evaluation and findings • Findings are prioritized as high, medium or low, with high being the most severe • Actions • Develop corrective plan (initiatives) with timelines

  25. Exercise One Based on the previous discussion of the benefits and purpose of an audit – In Groups of 2-3 Define the purpose of an audit for your RIM Program

  26. Audit Objectives • Relate the elements of your program to the Corporate goal • Examples of objectives include • To determine the level of protection taken and routinely followed to protect paper records • To assess management’s commitment by assignments and participation on the Steering Committee • To measure the rate of the department’s completion of the RIM learning course

  27. Set Criteria Ratings Next determine what you must have: • What program elements are critical • What program elements are important to have • What program elements are preferred but you could live without

  28. Set Criteria Ratings Important Critical Preferred • Program has mission and vision statement • Program mission and vision statement endorsed by executives • Mission and vision statement are published for employees to access and see • Program mission statement is included in business unit’s goals and mission

  29. Decide on Ratings Based on risk factors and known requirements how does the current documentation and practices measure up to the criteria? • Satisfactory • Needs Improvement • Unsatisfactory • N/A

  30. Ratings Exercise

  31. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk

  32. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited

  33. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary

  34. Steps in Performing an Audit • Ask the Department to identify your contact – Records Coordinator, Management – someone who can answer questions • Send checklist (what is being covered) in advance to contact • Obtain the list of names of employees to interview in advance • Schedule meetings with interviewees • Prepare a list of documents you want the department to provide you for review

  35. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary • Reporting • Draft Findings Report • Discuss steps for improvement • Recommend Timelines – be realistic

  36. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary • Reporting • Draft Findings Report • Discuss steps for improvement • Recommend Timelines – be realistic • Follow-up

  37. Using Audits for Improvement • Reviewing the risk, compliance requirements • Learning to rank initiatives • Understanding the resource requirements needed • Using a “Triage” approach

  38. Using a Triage Approach to Develop Process Improvements

  39. Triage Approach: General Description • Develops a plan that prioritizes the most pressing matters so that they receive immediate attention. • Places longer term goals on a drawing board to be reviewed with more analysis without pressure. • Postpones tasks that are of low risk and not urgent for the last phase of the project. Triage approach prioritizes the needs and risks of the project into manageable groups.

  40. Triage Approach: General Description • Provides a means for “building onto” a Program by ensuring the correct components are done first. • Allows the Program owner to measure success and “see” definable improvements and not wait on project completion to be successful. • Separates project components based on risk and need so that items which are most critical get the immediate attention to reduce existing or potential risks.

  41. Prioritize Like Emergency Room • Stop The Bleeding • RIM initiatives that address the immediate findings to achieve compliance

  42. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms

  43. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms • Establish Preventive Measures • Long-term initiatives and projects involving multiple stakeholders, resources and automation to prevent future problems

  44. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms • Establish Preventive Measures • Long-term initiatives and projects involving multiple stakeholders, resources and automation to prevent future problems • Create Ongoing Efficiencies • As systems are operating smoothly and consistently, opportunities for streamlining arise

  45. Triage

  46. Immediate Project (<6 months)

  47. Scheduled Projects (6-15 months)

  48. Scheduled Projects (15-24 months)
