Routine audits are one of the most important parts of an effective compliance program. They help organizations confirm they’re following the rules, identify issues before they become significant problems, and strengthen the overall culture of compliance. But a frequent question among compliance professionals, especially in smaller organizations: What should I audit next?
If you feel stuck or like you’ve already covered all your audit topics, our podcast this week shares three places to find new ideas for proactive audits.
Start with a Risk Assessment
If you’re not sure what to audit, the best place to begin is with your organization’s periodic risk assessment. This assessment should identify areas of potential compliance risk – such as billing practices, documentation gaps, or new service lines – and guide your audit and monitoring plan.
If you don’t currently perform a formal risk assessment, or if your existing one hasn’t been updated in years, it’s time to revisit it. Risks evolve, and so should your audit topics.
Audit Something “New”
If you’ve already tackled the risks on your list, start by looking at what’s new in your organization over the past few years. That might include:
- A new provider who recently joined your organization
- A new service line or procedure code
- A department with high staff turnover
These are great places to focus your proactive auditing efforts. Just be sure to communicate clearly with staff that these reviews are routine and not because of any specific concern.
Check the OIG’s Radar
The Office of Inspector General for Health & Human Services (OIG) publishes regular reports highlighting areas of potential fraud, waste, or abuse within government health care programs which often guide the federal government’s enforcement efforts. If the OIG has issued a report in the past 12-18 months on an issue that relates to your organization, consider adding it to your audit plan. This helps ensure your organization has an opportunity to self-report any identified non-compliance prior to becoming the target of an enforcement action or payer audit which is likely to be more disruptive and more costly to the organization.
Look for Internal Outliers
Finally, look within your own organization for outliers. These might include:
- Providers whose RVUs are significantly higher or lower than peers
- Departments with unexpected revenue growth or decline
- Service lines with an unusual billing or utilization pattern
These anomalies don’t automatically indicate a problem, but they may warrant a closer look. Collaborate with leadership to identify anything that looks out of the ordinary and without explanation and add those to your monitoring plan.
Make Auditing Routine
If proactive monitoring isn’t already part of your compliance routine, now is the perfect time to start. Aim to select two or three audit topics for the coming year. Once you choose your topics:
- Review applicable billing and regulatory requirements.
- Validate your understanding – don’t rely solely on internal interpretations.
- Create a clear audit plan, including your sampling method and timeline.
- Put it on your calendar so it actually gets done.
A strong, consistent auditing and monitoring process is one of the best ways to protect your organization and demonstrate an effective compliance program.
