COSO offers guidance on internal controls for health providers

The Committee of Sponsoring Organizations of the Treadway Commission, or COSO, is collaborating with Top 10 Firm Crowe LLP and CommonSpirit Health to issue new guidance for health care providers on internal controls amid heightened regulatory scrutiny of the health care sector.

The publication, “2013 COSO Integrated Framework: An Implementation Guide for the Healthcare Provider Industry,” expands on COSO’s widely used internal control framework, but within the context of the health industry. COSO pointed out that health care organizations can have issues with system access and integrity, clinical documentation, coding and billing, and those could lead to potential noncompliance with federal and state regulations, on top of costly mistakes.

The guide introduces health care organizations to COSO’s “Internal Control – Integrated Framework,” and offers a roadmap to help health providers strengthen their governance and internal control structures.

“Effective internal control is vital to successfully weathering the ever-changing health care environment, and it can help mitigate many of the risks associated with the complex pressures health care organizations confront today,” said COSO Chair Paul Sobel in a statement Wednesday. “Formally adopting the Internal Control Framework facilitates an increased understanding of the internal controls in existence and indicates where improvements should be made, resulting in reduced risk for all stakeholders.”

COSO’s Internal Control Framework can be used not only by health care providers, but by organizations from other industries. It focuses on five integrated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring activities. It aims to offer a flexible, reliable, and cost-effective approach.

The implementation guide demonstrates how health care organizations can apply COSO’s updated 2013 internal control framework to evaluate and strengthen their existing internal control structure; implement controls to help mitigate significant risks; optimize the effectiveness of their control environments; and enhance the efficiency of their governance, compliance, operations, management and assurance functions.

COSO recommends every health care organization evaluate its risks and main controls to see if there are potential gaps that could require changes to policies and procedures, governance and management oversight.

“COSO provides a framework to build a fundamental foundation of internal control to ensure that organizational risks are monitored and mitigated through sound business decisions,” said Bill Watts, a risk consulting partner with Crowe, in a statement. “Health care organizations must review their environment to confirm proper controls are in place. By doing this, the organizations ensure effective and efficient operations, proper financial reporting, and compliance that support their mission and strategy. COSO provides guidance to streamline this process.”