Internal Audit and Compliance Reporting Summary November 13, 2019 - - PowerPoint PPT Presentation

Internal Audit and Compliance Reporting Summary

November 13, 2019

1

Annual Audit Services

Soliciting Bids For 3 Year Contract to Cover:

• AHS Financial Statements
• AHS Single Audit
• AHP Financial Statements
• AHSF Financial Statements

2

Annual Audit Services

Proposals Received From:

• Moss Adams
• Armanino
• Vavrinek, Trine, Day & Co. (Eide Bailly)
• BDO

Bids Also Solicited From:

• Grant Thornton
• Crowe Horwath
• Deloitte
• MGO
• Marcum
• Vasin, Heyn & Co.
• RSM

3

Annual Audit Services

Proposals Reviewed By:

• Audit Committee Members
• CFO
• VP Finance
• VP Compliance and Internal Audit

4

Annual Audit Services

Recommendation: After a comprehensive review by the evaluation team, the recommendation is to award a 3-year contract to Moss Adams. Based on their proposal and experience over the last 4 years, Moss Adams capabilities, services, company strengths and viability also offer the best value in support of AHS, AHP and AHSF needs.

5

Compliance Assessment

AHS contracted with Compliance Resource Group (CRG) to perform an independent assessment of the Compliance Program. CRG assessed program documents and conducted on-site interviews during March and April 2017 and documented the results

• f their assessment in a report dated 5/12/17.

The 36 recommendations from CRG were reviewed and action plans developed to address each recommendation.

To date, we have completed 30 of the 36 recommendations. Outstanding issues at this time relate to departmental staffing (4) and an external assessment of the Compliance Program (2). Both of these items require additional funding.

6

Compliance Assessment

7 # Recommendation Action Plan Target Date 10 Compliance Office: Compliance staffing is

• thin. Staffing resources should be evaluated on

an ongoing basis to ensure that all potential risk areas have received appropriate attention, necessary audits are being conducted and that program effectiveness is measured. Compliance resources will be addressed in conjunction with the FY19 budget process. NOTE: This item on hold due to budget constraints. TBD Start date based on strategic plan 11 Delegated Compliance Responsibilities: The Compliance Program should develop a strategy for reaching out to the system components. Right now, the Compliance Program is in a reactive mode due to its staffing limitations. If resources are added to the Compliance Program, some of these resources should be charged with Compliance Program out reach. Compliance does not plan to delegate compliance responsibilities outside of the Compliance Department at this time. Consideration of this recommendation will be evaluated as part of a future external assessment. TBD Start date based on strategic plan 15 Compliance Related Policies: Management of compliance policies for an organization of the size and complexity of AHS is a significant undertaking that probably needs to be somebody’s job. Given the complexity of today’s compliance environment and the rapid pace of regulatory change, keeping policies current is a challenge that requires regular attention. This concept will be included in the Compliance Program strategic plan. Currently, this function is assigned to the entire compliance staff. 12/31/19

Compliance Assessment

8 # Recommendation Action Plan Target Date 27 Audit System Adequacy: Consideration should be given to staffing the Internal Audit function at a level that would allow it to conduct a reasonable number of audits, while leaving time to support Compliance. While the IA functions gets good bang for the buck, it is simply too small to address a reasonable number of risk areas in a system the size of AHS. Internal Audit staffing levels will be addressed in the Compliance Program strategic plan. NOTE: This item on hold due to budget constraints. 6/30/20 2/28/19 9/13/18 6/14/2018 12/31/17 34 Implementation of Corrective Actions/Discipline Related to Compliance: Normally, we recommend that areas in which there have been significant corrective actions be audited on a one and three year basis. It does not appear that Internal Audit or Compliance have the resources to conduct such follow up audits. Follow‐up activities and staffing will be addressed in the Compliance Program strategic plan. NOTE: This item on hold due to budget constraints. 6/30/20 2/28/19 9/13/2018 6/14/2018 2/28/2018 35 Periodic Risk and Program Assessment: Although the CCO regularly reports on the status of Compliance Program implementation, the effectiveness of the Program should be assessed annually so that executive management and the Board can determine if the program is working as intended, making progress or languishing. These assessments can be self-assessments in most years with periodic (every three or five years) supplementation by an external assessment. Compliance will perform self‐assessments annually beginning FY2020. External assessments every 3 to 5 years will be included as part of the Compliance Program strategic plan. NOTE: This item on hold due to budget constraints. 6/30/2018 6/30/2019 6/30/2020

Other Reports

 FY2020 Annual Plan – On Time  Compliance Issues – Slightly lower volume of Reported Issues, Some Progress closing issues, but still a large inventory of Pending Issues. Continuing to address Backlog.  Follow-up on outstanding findings continues. There are 21 open issues currently, compared with 25 open issues from the last report. Eleven (11) of these items are associated with computer privacy screens and installing badge readers on printers.

9