Healthcare Risk Assessment and Internal Audit Considerations


Groundbreaking changes in the healthcare industry have increased the scope and complexity of a healthcare organization’s risks. Healthcare risk areas appear to be around every corner, from legislation and regulatory developments to operational and financial concerns. It is becoming more imperative that an organization go through a robust comprehensive enterprise-wide internal audit and risk assessment that goes beyond traditional boundaries and reaches more clinical, operational and strategic areas. The results of the risk assessment will be the basis of internal audit plan areas reflecting the priority of risks for a healthcare organization.

2017 Top Healthcare Risk Areas

Chief Audit Executives and Internal Audit Leaders performed by Protiviti partnering with the Association of Healthcare Internal Auditors (AHIA), the following were the top healthcare audit plan areas for 2017:

  • Information System Controls
  • Billing and Collections
  • Accounting/Finance
  • Information Security/Cybersecurity Program Effectiveness
  • Charge Capture
  • Electronic Health Records
  • Compliance and Regulatory Monitoring
  • Ancillary Services
  • Accounts Payable
  • Data Information Governance
  • HIPAA Compliance
  • Fraud, Waste and Abuse
  • Clinical Systems
  • Supply Chain
  • Denials Management

Healthcare Internal Audit Focus

Internal audit’s traditional focus on transactions and related financial business cycles has been sufficient for healthcare organizations in the volume-driven system in the past. That approach needs to be modified now that healthcare organizations are continuing to move from a reimbursement structure based on claims and production to a system of rewards based on value, including quality, safety, efficiency and appropriateness of care. Under value-based care, a provider can be financially penalized for failing to meet quality standards. Internal audit needs to evolve and consider expanding the use of data analytics as a tool in evaluating risks associated with a value-based healthcare environment.


A healthcare internal audit infrastructure based on the use of data analytics will support more efficient and effective coverage of traditional audit areas while allowing more time and resources to assess and address the new and emerging healthcare risk areas under value-based reimbursement. This approach will enable internal audit to generate and protect value within a healthcare organization.

For questions or more information, contact a member of our Healthcare Services team by filling out the form below.

How Can We Help?

Previous Post

Next Post