Group items tagged

Electronic medical recordkeeping may not cut the overall cost of care, but by eliminating redundant procedures and reducing errors, quality may be improved. When physician Andrew Wiesenthal needs to work out a problem, he runs around Lake Merritt, across the street from his Oakland (Calif.) office at Kaiser Permanente. As one of the main drivers behind Kaiser's decades-long, multibillion-dollar effort to overhaul the way patient health records are kept, Wiesenthal has had a lot of laps to run. Doctors and other medical professionals across the country will be working through similar challenges in the coming years. President Barack Obama plans to spend $17.2 billion to induce care providers to maintain patient records electronically, scrapping the current paper-based system. The Obama Administration wants electronic health records for every American by 2014. Obama's predecessor also made a big push for electronic recordkeeping, and many doctors and hospital administrators see upgrading recordkeeping as a good way to improve care. Yet, fewer than 2% of acute care hospitals have a comprehensive electronic health record system in place, with another 8% to 12% using a basic system, according to a study published by The New England Journal of Medicine in March. Adoption isn't much better among physicians. Only 4% have a comprehensive system in place, with another 13% using basic systems, according to a study published in the journal in July. Kaiser Permanente is one of the few exceptions. Today, all of its medical clinics and two-thirds of its hospitals operate in a paperless environment and the rest are scheduled to be completely digitized by next year. Across the system, about 14,000 physicians access electronic medical records for 8.7 million patients in nine states and the District of Columbia.

There are four "high risk" areas that aren't getting the attention they deserve as financial institutions work toward complying with the ID Theft Red Flags Rule, says a leading industry compliance expert. Many institutions have already complied with the regulation and have done their risk assessment to identify covered accounts and determined what red flags they need to be monitoring. But there are areas that should be considered "high risk" and aren't getting the attention they deserve from institutions, says Sai Huda, CEO of Compliance Coach. The Red Flags Rule is a risk-based regulation. As such, Huda says, compliance should be approached from a risk management and not a purely technical perspective, and institutions should ask these questions: * Which accounts are more at risk to identity theft? * Which red flags represent higher risk? * Which detection and response procedures are commensurate with the risks? * Which service providers pose greater risk? * What controls exist to mitigate the risks? The big question that most institutions have at top of mind is "What about enforcement?" Huda says the federal banking regulators are taking a risk-based, top-down approach when assessing institutions. "They are first assessing whether the [institution] has implemented a risk-based program and how it is overseeing compliance," he says. "If the program is risk-based and sound, they will limit their scope. If not, then they will dig deeper."

Has your management team asked the following four questions about your organization's internal controls? 1) Have we identified the meaningful risks to our objectives? 2) Which controls are "key controls" that will best support a conclusion regarding the effectiveness of internal control in a particular process? 3) What information will be persuasive in assessing whether the controls are continuing to operate effectively? 4) Are we presently performing effective monitoring that is not unnecessary and costly testing? These questions appear in a white paper, "Effective Internal Control Systems for Rapidly Changing Markets: A New Opportunity," packed with answers for GRC professionals wondering if there is a better way to operate. The paper, authored by the GRC experts at advisory firm SMART Group, clearly lays out how controls monitoring processes can and should align with the "Guidance on Monitoring" COSO published earlier this year to help organizations strengthen the effectiveness and efficiency of their internal controls frameworks. Among other useful how-to information, the 12-page paper includes a five-step "Implementation Guide" for creating a better controls-monitoring program.

The offshoring of business processes has become increasingly popular. Fueled by advancements in technology, the benefits of offshoring are primarily attributable to the savings from lower personnel costs at foreign locations. According to the Global Financial Services Offshoring Report 2007 by Deloitte & Touche U.SA LLP, over 75% of major financial institutions report offshoring a portion of their operations. Some economists estimate that up to one-third of total U.S. employment in services may ultimately be offshored (Steve Lohr, "At IBM, a Smarter Way to Outsource," The New York Times, July 5, 2007). Offshore entities often operate in developing countries such as India, China, Pakistan, the Philippines, and Vietnam. The offshoring of business processes generally takes two forms: outsourcing to an unaffiliated offshore entity (offshore outsourcing), or ownership and operation of an affiliated offshore entity (AOE). Many multinational companies have AOEs. For example, Accenture has more employees in India than in the United States; IBM is projected to have more than one-quarter of its workforce in India by 2010; and companies like General Electric, Eli Lilly, Google, and Microsoft are expanding their R&D centers in India and China (House Committee on Science and Technology, June 12, 2002). Offshoring and the Auditing Profession The potential benefits of offshoring have not been ignored by the accounting profession. In past years, several large public accounting firms began using AOEs to perform certain nonaudit procedures for their U.S.-based clients. For example, Ernst & Young uses AOE employees to prepare client tax returns (Vanessa Houlder, "E &Y Sends Compliance Work Offshore," Financial Times, July 11, 2007), and a number of accounting firms use AOEs to print documents for delivery to clients. The largest international public accounting firms have recendy begun testing the offshoring of certain auditing procedures on very large U.S. audit engagements to thei