Internal Audit and Compliance Reporting Summary November 13, 2019 1
Annual Audit Services Soliciting Bids For 3 Year Contract to Cover: • AHS Financial Statements • AHS Single Audit • AHP Financial Statements • AHSF Financial Statements 2
Annual Audit Services Proposals Received From: • Moss Adams • Armanino • Vavrinek, Trine, Day & Co. (Eide Bailly) • BDO Bids Also Solicited From: • Grant Thornton • Crowe Horwath • Deloitte • MGO • Marcum • Vasin, Heyn & Co. • RSM 3
Annual Audit Services Proposals Reviewed By: • Audit Committee Members • CFO • VP Finance • VP Compliance and Internal Audit 4
Annual Audit Services Recommendation: After a comprehensive review by the evaluation team, the recommendation is to award a 3-year contract to Moss Adams. Based on their proposal and experience over the last 4 years, Moss Adams capabilities, services, company strengths and viability also offer the best value in support of AHS, AHP and AHSF needs. 5
Compliance Assessment AHS contracted with Compliance Resource Group (CRG) to perform an independent assessment of the Compliance Program. CRG assessed program documents and conducted on-site interviews during March and April 2017 and documented the results of their assessment in a report dated 5/12/17. The 36 recommendations from CRG were reviewed and action plans developed to address each recommendation. To date, we have completed 30 of the 36 recommendations. Outstanding issues at this time relate to departmental staffing (4) and an external assessment of the Compliance Program (2). Both of these items require additional funding. 6
Compliance Assessment # Recommendation Action Plan Target Date 10 Compliance Office: Compliance staffing is Compliance resources will be TBD thin. Staffing resources should be evaluated on addressed in conjunction with Start date based on an ongoing basis to ensure that all potential risk the FY19 budget process. strategic plan areas have received appropriate attention, NOTE: This item on hold due necessary audits are being conducted and that to budget constraints. program effectiveness is measured. 11 Delegated Compliance Responsibilities: The Compliance does not plan to TBD Compliance Program should develop a strategy delegate compliance Start date based on for reaching out to the system components. responsibilities outside of the strategic plan Right now, the Compliance Program is in a Compliance Department at reactive mode due to its staffing limitations. If this time. Consideration of resources are added to the Compliance this recommendation will be Program, some of these resources should be evaluated as part of a future charged with Compliance Program out reach. external assessment. 15 This concept will be included 12/31/19 Compliance Related Policies: Management of compliance policies for an organization of the in the Compliance Program size and complexity of AHS is a significant strategic plan. Currently, this undertaking that probably needs to be function is assigned to the somebody’s job. Given the complexity of entire compliance staff. today’s compliance environment and the rapid pace of regulatory change, keeping policies current is a challenge that requires regular attention. 7
Compliance Assessment # Recommendation Action Plan Target Date 27 Audit System Adequacy: Consideration should be given Internal Audit staffing levels 6/30/20 to staffing the Internal Audit function at a level that will be addressed in the 2/28/19 would allow it to conduct a reasonable number of audits, Compliance Program 9/13/18 while leaving time to support Compliance. While the IA strategic plan. 6/14/2018 functions gets good bang for the buck, it is simply too small to address a reasonable number of risk areas in a 12/31/17 NOTE: This item on hold system the size of AHS. due to budget constraints. 34 Implementation of Corrective Actions/Discipline Follow‐up activities and 6/30/20 Related to Compliance: Normally, we recommend that staffing will be addressed in 2/28/19 areas in which there have been significant corrective the Compliance Program 9/13/2018 actions be audited on a one and three year basis. It does strategic plan. 6/14/2018 not appear that Internal Audit or Compliance have the NOTE: This item on hold resources to conduct such follow up audits. 2/28/2018 due to budget constraints. 35 Periodic Risk and Program Assessment: Although the Compliance will perform CCO regularly reports on the status of Compliance self‐assessments annually 6/30/2018 Program implementation, the effectiveness of the beginning FY2020. 6/30/2019 Program should be assessed annually so that executive External assessments every 6/30/2020 management and the Board can determine if the program 3 to 5 years will be included is working as intended, making progress or languishing. as part of the Compliance These assessments can be self-assessments in most years Program strategic plan. with periodic (every three or five years) supplementation by an external assessment. NOTE: This item on hold due to budget constraints. 8
Other Reports FY2020 Annual Plan – On Time Compliance Issues – Slightly lower volume of Reported Issues, Some Progress closing issues, but still a large inventory of Pending Issues. Continuing to address Backlog. Follow-up on outstanding findings continues. There are 21 open issues currently, compared with 25 open issues from the last report. Eleven (11) of these items are associated with computer privacy screens and installing badge readers on printers. 9
Recommend
More recommend