Blog Post

Compliance Office and Internal Audit Roles and Responsibilities

Richard P. Kusserow | June 2024
  • Continuing areas of confusion and concern
  • Two halves of the same coin with similar but differing roles
  • Both perform work independently and free of bias

As healthcare compliance standards have evolved over the years in response to the ever-changing regulatory and enforcement landscape, the role and influence of the Compliance Office have expanded. This expansion has had a major impact on organizations with Internal Auditors, often resulting in internal conflicts and competition between the functions. Some organizations have found ways for these functions to coordinate effectively with one another, often leading to a merging of the two operations. Regardless of how the functions co-exist in an organization, it is essential to find ways to work together and align efforts. While there are similarities, common characteristics, and overlapping responsibilities, there are also distinct differences between the two. Therefore, it is important to begin by defining these respective functions.

Internal Auditors assist their organization by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. They monitor and evaluate the internal control structure and environment for adequacy, efficiency, and effectiveness. Assurance services are performed through financial, operational, and information technology audits, along with other specialized projects and tasks. They must be able to provide independent and objective assurance to management regarding the reliability and integrity of financial and operational functions, ensuring that risks are being managed to an acceptable level, particularly those risks that management has elected to address through internal controls, including compliance risks. To ensure independent and unbiased work, the Institute of Internal Auditors calls for direct reporting to the Audit Committee of the Board.

Internal Audit and the Compliance Office need to be close allies in guarding against regulatory breaches, regulatory and legal violations, poor governance, and overall failure to comply with established rules and standards. Proper coordination of work between these two functions is essential to avoid these wasteful pitfalls. Having similar roles, the potential for duplication and conflicting approaches to issue areas is always present. If unchecked, the results can create gaps, duplicated efforts, fragmented controls, and overall management of risk. Without defined boundaries, accountability becomes difficult. The following suggest ways to address the issues:

  • The two functions should meet to work out their relative roles, responsibilities, methods of operation, and reporting obligations. Results should be memorialized in a protocol policy document.
  • Have executive leadership and the board understand and agree to the results of the protocol.
  • Ensure job descriptions of duties and responsibilities are consistent with the protocol policy.

You can keep up-to-date with Strategic Management Services by following us onĀ LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog