“The value of ACL goes far beyond Internal Audit. It’s a sophisticated solution that provides a considerable ROI.”
Jill Hatfield, VP, Business Risk, Mercy Health
Mercy Health is the eighth-largest Catholic healthcare system in the U.S., with 28 acute care hospitals and 200 outpatient facilities. The company operates in a seven-state area that includes Arkansas, Kansas, Louisiana, Mississippi, Missouri, Oklahoma and Texas. Mercy Health has almost 37,000 staff, including nearly 4,700 physicians, and records approximately £2.5 billion in annual revenues.
At Mercy Health, the Business Risk group is focused on promoting collaboration, interpreting data trends, and uncovering control gaps before they create regulatory and operational issues. U.S. healthcare costs are rising faster than inflation, so it’s critical for the team to mitigate supply chain risks and work proactively to prevent fraud.
The team had a clear vision of using ACL technology for widespread audit analysis, but first, they needed to demonstrate a strong return on investment. They developed a business case for the ACL implementation by holding a series of demonstrations to familiarise stakeholders with the technology and demonstrating the value by targeting quick wins.
The group began with a pilot project to uncover duplicate payments in the Accounts Payable division and re-calculate commission payments. These automated tests quickly uncovered errors providing significant savings that support the company’s bottom line. With these results, the Business Risk group easily obtained enthusiastic buy-in for the continuous auditing solution.
Prior to the ACL implementation, the Business Risk group worked closely with IT stakeholders to address security, system database access and user access concerns. They created service accounts and established appropriate provisioning and approval routing procedures. The teams also collaborated with experienced ACL consultants, who provided both remote support and spent several weeks on-site to complete the implementation and develop tailored analytics.
The focus was on automating manual processes and prioritised projects with the highest potential for time and cost savings. For example, the Treasury department was struggling to manually reconcile bank fees from more than 70 different accounts. Employees would manually skim through pages and pages of fees to find incorrect charges – an inefficient process that rarely identified erroneous charges. With ACL, staff can simply run an automated test that pinpoints anomalies for further review.
“The ACL Professional Services team was the key to our initial success. We couldn’t have achieved such great results without their help.”
Dieu Tran, Director, Business Risk, Mercy Health
In Finance, the month-end close required a five-hour data import with another five hours of processing time for each of Mercy’s 8 additional locations. The data warehouse often hit mid-process snags and would require a full re-start. Employees lost many hours to this basic task. Now, one person can launch an automated ACL analytic that imports all the data in less than three hours.
Other ACL tests target vendor data files and payroll records, perform HR benefits calculations, and automate AP duplicate analysis. Additional analytics have been created to report on DRG and APC reimbursement classification utilisation and compliance. The Business Risk team works directly with stakeholders to develop new analytics and automated projects, while using ROI calculations to prioritise its ongoing to-do list.
Mercy also equipped its employees for success by holding a series of on-site training sessions, led by ACL instructors. The combination of ACL consulting, training and technical support helps the organisation to maximise its investment and achieve its business goals.
Mercy Health has used ACL solutions to:
Audit analytics enable Internal Audit to surpass its traditional assurance role and to deliver significant cost savings and enhance productivity. The Business Risk team now integrates ACL into its planning process and applies the technology to each audit project.
The ACL solution includes a secure, permission-based repository where users and stakeholders can share analytics, results and data files. It prevents task duplication and promotes audit consistency. Staff members also have access to critical data without relying on IT intervention. Instead of making requests or waiting for slow imports, users can quickly obtain the files they need – without compromising data integrity.
With a tailored continuous auditing solution Mercy has achieved a significant return on their investment. They have more than recovered the cost of the solution and continue to identify duplicate and erroneous payments and find and prevent revenue leakage, errors, and inefficiencies. The Business Risk team is automating processes across multiple business units and using sophisticated analytics to mitigate risk.
As staff gain deeper traction with ACL, Mercy will use the solution as a proactive way to uncover fraud, while still maintaining whistleblower programs. In addition to what was previously in place the team plans to create tests that monitor electronic health record access and ensure compliance with the Health Insurance Portability and Accountability Act (HIPPA). The Business Risk team will continue to implement full-population audit analytics that offer timely insight into business assurance issues.