Blog Post

Melding Compliance and Internal Audit

Richard P. Kusserow | October 2023

Key Points:

  • Similar but different functions
  • Advisable to have a policy document that defines each role

In many organizations, the Compliance Office and Internal Audit occupy similar spaces and share many common characteristics in their work. Both departments work independently and objectively in analyzing, reviewing, and evaluating existing procedures to ensure organizational compliance with all applicable laws, regulations, standards, policies/procedures, and the Code of Conduct, as well as addressing high-risk areas. The result in many organizations is serious tension and conflict between them. However, it is important to note that with all their similarities, there are significant differences as well. The OIG compliance guidance states the Compliance Officer’s primary responsibilities should include establishing methods to improve efficiency and quality of service and reduce the vulnerability to fraud, abuse, and waste by ensuring ongoing compliance monitoring. On the other hand, Internal Audit operations generally adhere to the Institute of Internal Audit Standards that call for employing systematic, consistent, standard-based, and disciplined reviews of internal controls for systems and operations that protect against the impact of non-compliance. It generally involves the objective and independent verification of the adequacy and effectiveness of internal control measures through reviewing numbers.

The growth of the Compliance Office function in healthcare organizations over the last few years has further blurred the lines and, in many cases, resulted in a merger of the two functions. The annual Compliance Benchmark Survey by SAI Global and Strategic Management has tracked the trend of many healthcare organizations having Internal Audit being subsumed under the Compliance Office. For organizations with two distinct functions, as regulatory pressures surge and compliance issues grow more complex, they need to work together to address risks effectively and efficiently. It is important to establish roles and responsibilities for each function in a policy document that also defines how the coordination of effort should occur, such as the annual audit plan that addresses areas including compliance with applicable rules, regulations, and laws.  

Keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog