Article by CSH’s Melissa Meeker
How would you assess the strength of your existing internal controls system? Many people who work in an operational capacity for a healthcare practice would guess that their internal control system is strong. Others would acknowledge that their system needs improvement. And then there are those folks who genuinely have no idea about the integrity of their practice’s internal controls.
Fortunately, there are some straightforward ways to assess the strength of your internal controls system, understand why you need one, and begin implementing the right system for your practice.
Why do you need a strong internal controls system?
According to data on employee theft, over $50 billion is stolen annually from businesses in the U.S. by employees. A strong internal control system can prevent those dollars from being siphoned off the bottom line, and can establish the mechanisms to stop fraud before it starts.
The most effective internal controls are built into the practice’s daily operations, implemented by the people who work in the system, and adaptable to changes in the business. Having the right controls in place can help you avoid the pitfalls of a weakened system, which include such risks as business losses, fraud, poor employee morale, tarnished brand image or financial misstatements.
Building a strong internal controls system requires some research on your part, including due diligence, in order to establish the foundation of your controls program. These key elements include (1) the establishment of a control environment, (2) a comprehensive risk assessment, (3) identified control activities, (4) a robust communication system, and (5) clearly defined monitoring activities. Below are actions to take to build a strong program:
Control Environment
- Demonstrate a commitment to integrity and ethical values
- Exercise oversight responsibility
- Establish structure
- Demonstrate commitment to competence
- Enforce accountability
Risk Assessment
- Specify suitable objectives
- Identify and analyze risk
- Assess fraud risk
- Identify and assess significant changes
Control Activities
- Select and develop control activities
- Select and develop general controls
- Deploy thorough policies and procedures
Information and Communication
- Use relevant information
- Communicate both internally and externally
Monitoring Activities
- Conduct ongoing and separate evaluations
- Evaluate and communicate deficiencies
Everyone in business, including healthcare practices, should have an internal controls system in place that is regularly tested, monitored and updated. CSH can help you no matter where your organization stands in the process. For more information, watch our recent webinar or contact our expert advisors.