The following article is adapted from an original piece written by Rebecca Welker (FHFMA, CIA) in the U.S.
John Gavens (Partner – Audit & Assurance, Findex) has tailored the content for an Australian audience.
In Australia, the most significant risks to healthcare organisations relate to clinical governance. However, traditionally internal audit activities have focussed on financial risks and controls, and have ignored clinical areas such as clinical governance.
The scope and complexity of risk in the present highly regulated, value-driven healthcare environment requires healthcare organisations to rethink the value they are getting from their use of Internal Auditors.
At Findex, we believe that by bringing together clinicians and internal audit professionals to work alongside each other, our clients are able to achieve better value through clinical audits across core elements/strategies of the health service. This may include measuring compliance of healthcare delivery and operations against industry standards, with the goal of identifying actions to address key risks and assist in improving care delivery and patient outcomes.
Three Lines of Defence
In a 2013 position paper, the Institute of Internal Auditors (IIA) described a model for effective risk management and control consisting of three lines of defence; management control serving as the first line of defence, the various risk management and compliance oversight functions as the second, and independent assurance as the third. “All three lines should exist in some form at every organisation, regardless of size or complexity,” according to the IIA.1
In healthcare, the quality improvement initiatives most hospital and health system Clinical Departments have been immersed in for years represent the first line of defence. The additional work of internal quality and compliance departments to monitor these clinical efforts provides the second line of defence. The third line of defence uses an independent resource (the organisation’s internal audit department, an outside firm, or a team consisting of internal audit professionals from both within and outside of the organisation) to examine clinical processes from both the design and operations perspectives to identify gaps in elements that are needed to produce strong care delivery processes. Audit activities at each line of defence provide different perspectives that are necessary to drive performance improvement.
The significance of the work performed by the first and second lines of defence is without question. The third line of defence – review by an independent resource – takes a cohesive look at the workflow design, technology, culture, education, training, communication, policies, protocols, and metrics related to a given aspect of clinical care (see exhibit). Each one of these areas can have an impact on the efficiency and effectiveness of care delivery. This clinical audit focus provides a clear picture of what is working and what is not working, which creates the potential for care delivery risk.
Exhibit: Clinical Audit Focus
Considering the complexity and demands of the current regulatory environment, this third line of defence is essential. For example, a third-party clinical audit might help a healthcare organisation that is struggling to comply with evidence-based practices for the management and treatment of ventilator-associated pneumonia, discover that the root cause of an issue actually stems from the inconsistent use of available electronic medical record technology and incomplete order sets. This lack of clarity hinders the organisation’s ability to provide timely care that aligns with evidence-based care protocols. The clinical audit can help pinpoint these performance gaps and provide the insight needed to develop sustainable solutions.
But we have accreditation!
Accreditation is like passing an exam – an end itself. It does not bring about systemic and cultural change. It does not ensure that processes are continuously revised to ensure ongoing improvements and better practice.
Steps to Success
For many healthcare organisations, the clinical audit represents a new strategy to provide a third line of defence against clinical quality risk and patient safety risk. The following steps can help an organisation enhance performance improvement efforts and achieve clinical objectives.
1. Conduct a robust risk assessment to define areas of focus.
2. Engage both senior executives and front-line managers in the audit process, and clearly define participants.
3. Use data, establish metrics, and monitor outcomes.
4. Engage an internal auditor with appropriate specialist clinical expertise.
5. Scope the internal audit to maximise and deliver best practice outcomes.
6. Build action plans to monitor the implementation of changes.
7. Create accountability to achieve outcomes.
The need for clinical audits will grow as the demand for a healthcare organisation’s ability to demonstrate value and meet standards for quality and safety increase. These demands may be increasingly linked to financial rewards and penalties. It is incumbent upon organisations to begin exploring ways to make clinical audits a regular and ongoing part of their internal audit activities. Working together, clinicians and internal audit professionals can begin to deliver the deeper level of risk coverage required in the current value-driven environment.