Monitoring and Auditing of Compliance Standards

Richard P. Kusserow | December 2018


The Department of Health and Human Services Office of Inspector General’s compliance guidance documents[1] call for ongoing monitoring and auditing of organizations’ operations, including those of the Compliance Department. Implementing proper monitoring and auditing efforts can help health care organizations remain compliant with federal and state rules and regulations while strengthening internal operations and procedures. However, some organizations may find it difficult to differentiate between these two practices, leading to confusion about how to apply them in the organization.

Difference Between Monitoring and Auditing

Ongoing monitoring is conducted by the organization’s program manager, which means that they are responsible for overseeing their own operations. Responsibilities of ongoing monitoring can include:

  • Keeping current with changes in rules, regulations, and applicable laws.
  • Developing internal controls, policies, and procedures to comply with all applicable laws.
  • Training staff on correctly following and enforcing relevant rules and regulations.
  • Monitoring or verifying compliance with new guidelines.

Monitoring can best be described as a continuous process to check on and detect compliance and risk issues associated with the operational environment. It also includes addressing any identified risks quickly and efficiently to mitigate additional problems. Program managers should conduct ongoing monitoring to test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors or other possible breakdowns in internal controls. Managers can do this by employing standard monitoring techniques such as sampling protocols that permit them to identify and review variations from an established baseline.

Auditing, on the other hand, is conducted externally to the program area that needs to be reviewed. These reviews are performed to gauge whether internal management has correctly conducted ongoing monitoring processes. As such, audits typically focus on confirming that proper controls are in place and functioning as they were intended, or identifying weaknesses in the program that need to be addressed. Although auditing should be performed by parties outside of the program being audited, the auditing team can still involve the Compliance Department or other program managers.

Monitoring Challenges

Since auditing is mainly conducted externally, organizations do not have to worry as much about implementing auditing processes and procedures. And while the concept of ongoing monitoring may seem straightforward, keeping up with changes in reimbursement policies, regulations, and laws can be difficult. Additionally, program managers have to translate these laws into updated internal processes (e.g. billing), policy guidance, and staff training. Ongoing monitoring also covers a wide range of high risk areas including billing operations, cost report development, the Emergency Medical Treatment and Active Labor Act, and the number one legal risk area, physician arrangements. This requires the organization to have expertise in each risk area and the capability to accurately monitor all aspects surrounding these areas.

In Review

Ongoing monitoring and auditing are imperative for operational success in any health care organization. Monitoring is conducted by an internal program manager and consists of continual checks on the operational environment and high-risk areas that may be present. For auditing, an individual or party outside of the program must conduct the review of how well the organization is carrying out their monitoring procedures. Both practices have challenges but organizations should mainly focus on overcoming those associated with monitoring to ensure they are remaining compliant with all relevant rules and regulations and to prevent auditors from discovering weaknesses in their operations.

About the Author

Richard P. Kusserow is currently the President and CEO of Compliance Resource Center. He served as the Inspector General of HHS for 11 years and brings decades of valuable experience from the government sector to Compliance Resource Center. Mr. Kusserow’s expertise on compliance policy and regulation as well as his extensive knowledge of compliance solutions enables Compliance Resource Center to effectively help health care organizations best manage their compliance programs.

About Compliance Resource Center

Compliance Resource Center has been leading the compliance industry since 2010 with our complete suite of solutions that are geared towards improving compliance program operations. Our solutions ensure that organizations regularly meet federal and state laws and supply the necessary resources to sustain long-term compliance.

[1] Compliance Program Guidance for Hospitals, Vol. 63 No. 35, Fed. Reg,  8987, 8998 (Feb. 23, 1998).

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.