CASE STUDY
Auditing a Private Third-Party Claims Processor for Medicare
LEARNING OBJECTIVES
After completing and discussing this case, you should be able to
- Understand IT issues associated with three-party processing of government-insured medical claims
- Appreciate computer audit software
- Identify and provide remedies for a number of internal control weaknesses
- Learn to apply internal control concepts, common internal control activities, and control issues surrounding the information technology use
INTRODUCTION
This case study involves the relevant audit, fraud, and information technology (IT) issues associated with the third-party processing of government-insured medical claims. A fictitious private contractor provides claim processing (paper and electronic) for the United States Department of Health and Human Services (HHS), the administrator of Medicare (the U.S. funded medical insurance). You should take the perspective of an auditor for HHS in addressing the internal control and other audit and fraud-related issues found in the case.
RELEVANT INFORMATION
To keep pace with the explosive growth of information technology (IT) applications in the realm of financial reporting, audit procedures and techniques must be continually updated and improved. In turn, auditing and accounting information systems students need to learn these procedures and techniques to prepare themselves for challenging careers in these fields. The AICPA and other account-ing professionals recommend that auditors acquire the necessary knowledge of IT to effectively evaluate computerized internal controls (Bagranoff et al. 2004). This case study was developed to help you recognize key issues relative to auditing, fraud, and IT and then make appropriate recommendations to address these issues.
The case involves an audit of a fictitious, private, third-party processor of government-funded medical claims. The senior auditor, Bob, works for the United States Department of Health and Human Services (HHS), the administrator of Medicare (the U.S. funded medical insurance). Bob is auditing Medicare Southwest (MSW), a small subsidiary of Acme Corporation, which represents one of the largest affiliations of health-care plans in the American southwest. Both Acme and MSW are private contractors and generate the bulk of their revenues by processing medical premiums and claims.
Hire a Professional Essay & Assignment Writer for completing your Academic Assessments
Chat Now
PART I
Required:
Address the following questions as they pertain to the noted areas of concern:
Physical Security
- What concerns might Bob have about the receipt of the paper claims with the regular mail?
- Why would Bob be worried about the sharing of the facility and staff members by several Acme subsidiaries (including MSW)?
- Why would Bob be concerned that no one reviews the physical access lists for everyone who may enter the processing facility?
- Related to physical security, Bob and his staff also requested a list of recently terminated employees and a current list of employees with physical access to the data entry and/or data center facilities. Using these lists, what types of tats could the auditors conduct to ensure that physical and logical access is properly controlled?
Logical Security
- In addition to the recently terminated employee list, Bob and his staff requested information related to logical security. Using the following requested information, what types of tests could the auditors conduct to ensure that logical access is properly controlled?
- The current list of employees with logical (system) access privileges to the claims processing system, including users and administrators.
- List of security software parameters, such as password length/type, number of logon attempts allowed; etc.
- Procedures to control changes to claims processing and support software, along with logs or other records, which list recent changes.
Personnel
- What unique concerns might Bob have regarding the use of temporary employees?
- Why would Bob be concerned about the activities of the “single data entry manager”? What types of controls should be implemented?
- Why would Bob be worried that the adjudication staff can resubmit claims “without further review”?
- Bob learned that a single system programmer can write, test, and approve changes to the claims processing system software. Why is this a concern?
PART II
Required:
Address the following questions as they pertain to the noted areas of concern:
Audit Techniques
- Bob and his staff purposefully embedded 20 fictitious daims, which included the same type of data as a real claim, into the daims processing program. What is the name of this auditing technique, and what is its purpose?
- Bob also discovered that audit modules had been embedded within the daims processing program. These modules flag claims that exceed a specific dollar amount for a claimed procedure and records them in a special audit log. What is the name of this auditing technique, and what is its purpose?
- Bob and his staff decided to review the amounts submitted for payment for a particular sample of daims and then compare them with the actual amounts paid to the providers. Bob noticed that the amounts paid were consistently slightly lower than the amounts submitted. Since the difference only amounted to a few cents for each claim, why would Bob be concerned about this?
- Fraudulent claims have been a frequent concern in the Medicare program, including:
- multiple claims for medical procedures that are usually not performed on the same patient more than once within a particular time period (e.g. organ transplants).
- claims for medical procedures that cannot be performed for a particular patient (e.g. physical therapy coma patients).
- claims for deceased individuals.
How can Computer Audit Software (CAS) assist auditors in identifying these types of fraudulent claims?
- To determine if the five-cent discrepancy for every third claim was fraudulent, what types of procedures might be used?
The post Auditing a Private Third-Party Claims Processor for Medicare: Investigations Case Study, MIT, US appeared first on .
