The U.S. healthcare industry is facing a number of critical and transformational questions: How do we maintain and increase profit margins in the face of declining reimbursements?; How do we keep pace with new regulatory compliance requirements and new risks? The answers inevitably create new questions, and big challenges, for internal audit functions in healthcare organizations, which must ensure that new structures, processes, partners, data and IT systems are harmonious with organizational risk appetites. Not surprisingly, a 2014 survey conducted by North Carolina State University’s Enterprise Risk Management (ERM) Initiative and Protiviti concludes that healthcare organizations perceive themselves to be facing the greatest amount of risk relative to all other industries.
Protiviti and Internal Healthcare Auditing Professionals (AHIA) conduct their Internal Audit Capabilities and Needs Survey annually to assess current skill levels of internal audit executives and professionals, identify areas in need of improvement and help stimulate the sharing of leading practices throughout the profession. This year, survey respondents answered close to 150 questions in the study’s three standard categories: General Technical Knowledge, Audit Process Knowledge, and Personal Skills and Capabilities.
In this report, we will detail the results of the 2014 Internal Audit Capabilities and Needs Survey to present a portrait of a healthcare internal audit function that is intent on delivering assurance across multiple risk realms while simultaneously enhancing the efficiency and quality of heavy workloads. The survey findings indicate that healthcare internal audit functions are concentrating their attention and resources in four key areas of priority, which are discussed further in this report: Mastering regulatory risk and cost containment; Strengthening information security and risk management; Introducing more auditing automation and greater effectiveness; Partnering and persuading.