Q&A: Determining criteria for risk-based auditing and monitoring

Q: How can we decide what risk areas should be the focus of auditing and monitoring?

A: A risk-based auditing and monitoring plan is an effective strategy for identifying and preventing revenue cycle risks. The criteria can be planned on an annual basis and may be based on the activities and focus of external entities. For example, the Office of Inspector General's Work Plan describes key audit areas for the federal government. You may also look at other areas such as code updates or audits conducted by thirdparty payers. By creating a risk-based auditing and monitoring plan, you can effectively create an annual program strictly based upon identifying and preventing issues.

In addition, the compliance department should establish event-reporting thresholds so that appropriate investigations can occur and corrective action plans can be developed within specific time frames.

For more information, see The Compliance Officer’s Handbook, Fourth Edition.