Continuing pressures on costs in the healthcare industry are posing challenges for many healthcare internal audit departments as they try to enhance their internal audit plans with limited resources.
As healthcare organizations continue to cope with mounting cost pressures combined with increasing and ever-changing regulatory and business requirements, Internal Audit Departments are also being challenged to do more with less. Leveraging proactive data analytics to help manage key areas of risk and control has become a practical necessity to enable Internal Audit to improve its efficiency and effectiveness. Example of data analytics include:

- data analysis and extractions based on targeted queries: In a Payroll audit, extract per diem employees that received overtime without meeting standard regular hours to determine whether they followed corporate policy and were paid accurately.
- data stratification on dollars or record count: assess the number of Accounts Payable checks printed for values less than $250.
- random or judgmental sample selection: either create a random sample of data, or select a sample based on stratifications above (i.e., provide three samples from dollar range a and three from dollar range b, etc.)
- missing sequence or duplicate record identification: identify duplicate vendor names to assess the condition of the Vendor Master file in an Accounts Payable audit or identify duplicate claims and payments.
- matching records within files to either merge or highlight variance between multiple files: Match addresses in a Payroll file to the vendor addresses in the Vendor Master File to identify employees on the Vendor Master File and potential fraud or match current healthcare employees or vendors to a download from the Health and Human Services Office of Inspector General (OIG) List of Excluded Individuals and/or the U.S. General Services Administration (GSA) Intermediate Sanctions List.
- identifying inappropriate location of services (e.g., surgical procedures done on an inpatient basis versus an outpatient basis).

Incorporating industry leading practices and using CAATs expands the coverage of audit areas, allowing internal audit departments to include fraud detection, investigative and compliance internal audits in their internal audit plan.

The proper identification of the data analytical software that are available and the staff skills and training necessary to use the software are challenges; as well as the resource constraints in purchasing the software. In addition, identifying the types of analyses that would provide value to the organization is critical; as well as ensuring that the data available is useable. For more complex functionality like merging and comparing multiple files, file layout and unique identifying data would need to be created to perform these steps.

Case Study Presented by the Director, Internal Audit Department, The Memorial Sloan Kettering Cancer Center (MSKCC):
MSKCC Internal Audit department is comprised of 7 professionals; a Director, two IT Auditors and Three Financial/Operational Auditors. MSKCC has approximately $2.2 billion in revenue, 10,000 employees and more than 300 applications. To cover an institution the size of MSKCC, technology plays an integral part in reviews performed. Using ACL as the data mining software saves time on each audit and generally allows for wider sampling coverage as well. One example of this is in the review of front end revenue cycle or departmental charge capture. Clinical service to charge to bill conversion may involve up to 7 different applications and various interface platforms and mechanics. Additionally, the number of transactions is huge. As such, ACL is used to connect the various service and charge files into one data set and ultimately one complete reconciliation. There are various hurdles in making this happen. These are:

- Application owner fear (of corruption or interruption)
- System access
- Data Symmetry, alignment and format
- File size
- Skill sets