Palomar Pomerado Health
Audit and Compliance Board Committee
Agenda

Thursday, March 17, 2011, 5:15 – 6:45 P.M.
PPH Grand Office Bldg, 456 E. Grand, Escondido
Conference Room — 1st floor

Call to Order
Public Comments

Item | Presenter | Page | Mins
1. * Meeting Minutes – February 17, 2011 | T. Kleiter | 2-4 | 5
2. * Review External Audit Engagement - Deloitte | M. Kawauchi | N/A | 20
3. Internal Auditing & CCM - Committee Education | T. Boyle | 5-24 | 30
4. 2011 Audit Plan | T. Kleiter | 25-35 | 15
5. External Audit Engagement | T. Boyle | 36-39 | 15
6. * Date/Time/Location of Next Meeting – April 21, 2011 | T. Kleiter | N/A | 5
7. Adjournment | T. Kleiter | N/A | 5

Nancy Bassett, R.N., Chairman; Michael Covert, CEO; John Lilley, M.D.; Ted Kleiter, Director; Janine Sarti, General Counsel; Lachlan Macleay, M.D.; Bruce Krider, Director; Bob Hemker, CFO; Linda Greer, R.N., Director (Alternate); Tom Boyle, District Audit Officer; Marty Knutson, Corporate Compliance Officer; Pernell Jones, Admin Fellow

* NOTE: Asterisks indicate anticipated action; action is not limited to those designated items.

“In observance of the ADA, Americans with Disabilities Act, please notify us at (858) 675-5230, forty-eight hours prior to meeting so that we may provide reasonable accommodations”.



  • Palomar Pomerado Health
    AUDIT & COMPLIANCE BOARD COMMITTEE MEETING
    456 E. Grand Ave., 1st Floor Conference Room
    February 17, 2011

    AGENDA ITEM/PRESENTER | DISCUSSION | CONCLUSIONS/ACTION

    CALL TO ORDER 5:15 P.M. by Director Bassett. Present: Directors Kleiter and Krider Also attending: Michael Covert, Bob Hemker, Tom Boyle, Marty Knutson, Janine Sarti, John Lilley, M.D., and Lanissa Weddington

    NOTICE OF MEETING Notice of Meeting was posted consistent with legal requirements.

    PUBLIC COMMENTS There were no members of the public present.

    APPROVAL OF MINUTES January 20, 2011

    MOTION: by Director Kleiter, 2nd by Director Bassett and carried to approve the minutes of January 20, 2011 as submitted. All in favor. None opposed.

    COMPLIANCE AND ETHICS COMMITTEE REPORT

    Mr. Hemker reported on the Compliance and Ethics activity for the months of January and February. The full reports were included in the packet for the committee’s review. Mr. Hemker noted that the Code of Conduct was approved by the POM MEC and went to the Board for adoption on February 14, 2011.

    2


    He also informed the committee PPH will be facilitating HCPro's Medicare Bootcamp at PPH in May. Mr. Hemker reported that the committee has heavy involvement with executive leadership, has good attendance and is meeting expectations. There are approximately 14 members with both clinical and business representation.

    COMPLIANCE HOTLINE ACTIVITY REPORT

    Ms. Knutson presented the quarterly compliance hotline activity report for the months of October – December 2010. The report included allegation types, detail on actual calls and web submissions received and a monthly comparison of page views on the Compliance Intra and Internet sites. The full report was included in the packet.

    COMPLIANCE AND ETHICS PLAN

    The committee reviewed the draft Compliance and Ethics Plan. The plan will replace the Compliance Program Policy. The Compliance and Ethics Plan will meet the Federal Sentencing Guidelines for Organizations and Compliance Plan requirements from the Office of the Inspector General (OIG). Ms. Knutson addressed seven elements the Federal Government established for compliance and ethics plans. The seven elements are: (1) respond to offenses and prevent repetition, (2) assign specific responsibilities to individuals, (3) establish standards and procedures, (4) use due care in choosing and retaining those with discretionary authority, (5) methods to communicate standards and procedures, (6) check performance against standards in various ways, and (7) consistent enforcement of standards (discipline and incentives). Ms. Knutson also discussed the Board’s role with regard to the Compliance and Ethics Plan. The Board’s role is (1) to be knowledgeable about the content and operation of the compliance and ethics program, and (2) exercise “reasonable oversight” about its implementation and effectiveness.

    MOTION: by Director Krider, 2nd by Director Kleiter and carried to approve the Compliance and Ethics Plan.

    3


  • February 17, 2011 Audit and Compliance Board Meeting Minutes Page 3 of 3


    CODE OF CONDUCT – ROLL OUT PLAN

    Ms. Knutson gave a status update on the Code of Conduct. Employees, Medical Staff and Volunteers will be receiving a letter with the Code of Conduct in the mail. Employees and volunteers will have until April 30, 2011 to commit to the Code. Medical Staff will commit to the Code at the time of staff appointment. The web address to the compliance hotline was changed to www.speakingupatpph.net. A “what the Code of Conduct means to you” contest will be announced in April. The winner will have a lunch with Mr. Covert.

    CLOSED SESSION

    The committee recessed into closed session.

    OPEN SESSION & ADJOURNMENT

    The committee reconvened into open session for adjournment at 8:00 P.M.

    Director Bassett moved to adjourn.

    DATE/TIME & LOCATION OF NEXT MEETING

    The next meeting of the Internal Audit and Compliance Committee is tentatively scheduled to be held on Thursday, March 17, 2011 at 5:15 p.m. in the 456 E. Grand Conference Room.

    SIGNATURES

    Committee Chairperson: ________________________ [Nancy Bassett, R.N., M.B.A.]

    Secretary to Committee: ________________________ [Lanissa Weddington]

    4


  • Internal Auditing and Continuous Monitoring

    Committee Education Session

    Palomar Pomerado Health Audit and Compliance Committee

    March 17, 2011

    5

  • Agenda

    1. What is Internal Auditing

    2. What is Continuous Monitoring/Auditing

    3. Why Audit Automation is Essential

    4. Audit Automation at PPH

    5. Summary

    6

  • WHAT IS INTERNAL AUDITING?

    “Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

    - The Institute of Internal Auditors

    7

  • Limitations of Traditional Audits

    • Analysis frequently occurs long after transaction has taken place
      – Too late for action

    • Lack of timely identification of control risks and deficiencies

    • Problems escalate - risks increase

    The Solution

    Independently test all transactions at, or soon after, point at which they occur

    8

  • WHAT IS CONTINUOUS AUDITING?

    “A method used to automatically perform control and risk assessments on a more frequent basis”

    - The IIA Global Technology Audit Guide

    In other words, automated processes to ensure that procedures and operations are effective to ensure that the direction of management and the Board are being carried out as planned.

    9

  • WHAT IS CONTINUOUS AUDITING?

    “Continuous auditing changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions. It becomes an integral part of modern auditing at many levels.”

    - The IIA Global Technology Audit Guide

    10

  • WHAT IS CONTINUOUS AUDITING?

    “The role of internal audit needs to be considered throughout the continuous audit cycle…In some cases, the active participation of internal audit would be necessary to make the continuous audit feasible...”

    - AICPA; Continuous Auditing research report, ©1999

    11

  • WHAT IS CONTINUOUS MONITORING?

    • A growing trend where key business processes are reviewed for effectiveness and compliance on a regular and timely basis

    • A means to reduce business risk and increase operational efficiency

    • Reviewed by an independent audit function to validate results and integrate controls and processes

    12

  • WHAT IS CONTINUOUS MONITORING ?

    • Allows management to monitor their own controls in their responsibility to meet organizational objectives

    • Focus on analysis of results and correcting problems rather than gathering data.

    13

  • Auditor’s Role in Continuous Monitoring

    • Validation of Continuous Monitoring (CM) tests
      – Design
      – Processing
    • Control of the Continuous Auditing process
      – Change controls
      – Totals reconciliations
      – Audit trails
    • Security over access to the CM system
    • Security over changes to tests and test parameters
    • Processing audit trail
    • Follow up procedures – response to control deficiencies detected

    14

  • Auditor’s Role in Continuous Monitoring

    “(management and auditing) processes must change radically so that they better use technology to check all of the financial (and related) data, all the time, to continuously search for anomalies and other indicators of controls problems or of outright fraud and abuse”

    Sarbanes-Oxley Compliance Journal - Feb 9 2005; CONTINUOUS FINANCIAL CONTROLS REVIEW PROCESSES, by Grady E Means and J Donald Warren, Jr PhD, CPA.

    15

  • CONTINUOUS MONITORING vs. CONTINUOUS AUDITING

    • Continuous Monitoring is targeted to management

    • Continuous Auditing is targeted to auditors

    16

  • MONITORING INTERNAL CONTROLS

    [Figure: diagram with the labels Management Involvement (Less, More Monitoring) and Audit Effort (More Work, Less Work)]

    Inverse relationship: the greater the role of management, the less of a direct role of internal audit

    17

  • BENEFITS OF AUDIT AUTOMATION (Continued)

    • Timely discovery of fraud, waste, abuse
      – Identify issues and risks when they occur, not months/years later

    • Identification of control deficiencies

    • Examination of consistency of processes

    • Expanded audit coverage

    • Shorter audit cycle

    18

  • BENEFITS OF AUDIT AUTOMATION (Continued)

    • Reduced audit staff time, costs

    • Increased ability to mitigate risk

    • Increased confidence in financial results

    • Reduce financial errors - potential for fraud

    • Eliminate recurring control assessments

    • Sustainable, integrated control system

    19

  • BENEFITS OF AUDIT AUTOMATION (Continued)

    • Proactive – Not Reactive Approach
      – Identify, quantify, remediate

    • Cost Savings
      – Automate manual tasks
      – Reduce waste, misuse, fraud

    • Management Confidence
      – Assurance that controls are working

    • Regulatory Compliance
      – Demonstrable and auditable

    20

  • BENEFITS OF AUDIT AUTOMATION (Continued)

    Allows auditors to:

    • Build customized analytics to test key controls
    • Run tests automatically on a regular basis
    • Identify and quantify exceptions and anomalies
    • Embed best-practice control rules and parameters
    • Provide easy, secure access

    21

  • BENEFITS OF AUDIT AUTOMATION (Continued)

    Allows auditors to:

    • Efficiently investigate abnormal results and suspicious transaction
    • Trend and analyze historical results
    • Transfer knowledge of auditing, monitoring to management/staff
    • Create a positive organizational culture change

    22

  • Continuous Controls Monitoring

    [Diagram: monitored areas and their tests]

    • Clinical Utilization: Lab & Rad
    • Case Management: Complex Cases; Daily Unit Discharges; Medicare INPs & OBS
    • Compliance: Excluded Providers
    • Finance: Discount Pricing; Price Differences; Duplicate Invoices; Department Expenditures; Unclaimed Refunds
    • Managed Care: Contract Performance
    • Internal Audit: Information Security
    • Process Automation: AX Admin; Audit Analysis; Process Admin
    • PFS: PFS Dashboard
    • Performance Excellence: Daily Census

    23

  • EDUCATION SESSION: HOW ACL WORKS!

    [Diagram: data flow from source systems through ACL to users]

    • Source systems (DATA): CERNER; AVEGA; LAWSON
    • Data formats and access methods: EBCDIC; ASCII; PDF; Print Image; Flat Files; Delimited; ODBC; DBF; CSV; Excel; Access; Informatica ETL
    • Auditors & Dept Specialists: Establishes data access protocols; Creates/distributes standard tests; Ensures data integrity
    • Department Managers and other users: Review/Monitor test results; Perform Ad Hoc Analysis
    • Other labels: Data Definitions; Standard Tests; Analytical Results; Automated Data Acquisition; Efficient Data Access; Up-to-date results; Customize needs

    24

  • Palomar Pomerado Health Internal Audit

    Report to The Audit and Compliance Committee

    March 17, 2011

    25

  • Internal Audit Department Universe

    Arch Partners

    PMC West

    Palomar Medical Center

    Pomerado Hospital PCCC

    Escondido Surgery Center

    Villa Pomerado

    26

  • Internal Audit Process

    27

  • Steps to Perform during an Audit

    Notification: Advance notice is provided to key stakeholders who may include Department Directors and their Executive Management Team (“EMT”) sponsor, vendors, or PPH affiliates. This is typically in the form of an “Engagement Letter” for formal audits. In situations where fraud or illegal activities are suspected, some projects may have little or no notice.

    Planning: For new projects, this phase includes gathering preliminary background information, developing audit approach and developing audit programs. For ongoing activities, such as long-term construction activities, planning has been established globally but specific review or adjustment of audit scope may be warranted to reflect the particular uniqueness or relevance to the auditee or trade.

    Entrance Meeting: An entrance conference is usually held to discuss the purpose, procedures, goals, schedule, scope, timing of the audit and any issues that management may have related to the audit. This dialogue may be conducted along with the presentation of the engagement letter. Attendees will include the relevant stakeholders, which may be vendor representatives: EMT executive or designee, department director, department manager and key personnel as appropriate.

    Access to Information: The auditors may request documentation from auditee management prior to beginning or during fieldwork. Such items include: organizational charts, contact information, financial records, transaction files, access to data, policy and procedures, contracts, etc.

    Fieldwork: This phase is what is typically thought of as the audit work. During this phase, the auditor(s) may perform work both on and off site.

    Communicating Results: IAS discusses all observations with the auditee management before fieldwork is completed. Auditees are given draft findings to review before the formal audit report is issued.

    Draft Report: After completing fieldwork and validating findings and observations with auditee management, the auditors will develop a draft report.

    Exit Meeting: Closing conferences are held for each audit engagement to clarify and validate findings and resolve any concerns the auditees may have about the audit report. Comments regarding the audit and observations noted in the draft report will be discussed at this meeting. Attendees are typically those who also attended the entrance conference.

    Final Draft: After the exit conference the final draft is issued to management. We typically request that management write responses to recommendations made in the report. Management is typically given two weeks to submit written responses to audit findings and recommendations.

    Final Report Issued: A final report, including management responses, is presented to the management of the areas, along with other appropriate stakeholders or EMT members, and to the Audit and Compliance Committee.

    28

  • TYPES OF AUDITS

    [Pie chart] Financial 26%; Operational 22%; Fraud 16%; Continuous Controls Monitoring 15%; Compliance 13%; Information Technology 6%; Clinical 2%

    Financial Audits: Independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data.

    Information Systems (IS) Audit: Reviewing a data center, an operating system, a security software tool, or processes and procedures (such as the procedure for controlling production program changes).

    Clinical Audit: A quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change.

    Compliance Audit: A comprehensive review of an organization's adherence to regulatory guidelines.

    Fraud Audit: Preventive measure to reduce business risk.

    Operational Audit: Policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.

    Continuous Control Monitoring (CCM): The process and technology used to detect compliance and risk issues associated with an organization's financial and operational environment.

    29

  • Established Continuous Monitoring Controls

    Columns: Audit Project | audit type marks (Continuous Controls Monitoring, Operational, Compliance, Financial, Fraud, Information Technology, Clinical) | Description of Scope and Objectives*

    Case Management | x x x | IAS assists to reduce the risk of unfavorable RAC findings by obtaining the following reports, in compliance with Medicare regulations:
    – Identify Inpatient Outpatient Status | x x x | Perform daily review of Medicare inpatients and observations.
    – Complex Cases | x x x | Perform weekly review of unfunded complex cases.
    – Daily Unit Discharges | x x x | Perform daily review of discharged Medicare patients as part of the Important Message (IM) procedure.
    Clinical Utilization | x x x | IAS performs monthly trend review of numbers and charges of Lab and Rad tests for ICU patients in support of costs reduction.
    Compliance | x x x | IAS performs monthly review of excluded providers from OIG and GSA. Additionally, PECOS will be included in this review in the near future.
    Finance | x x x x | IAS assists the Accounts Payable department to identify the following:
    – Duplicate Invoice Test | x x x x | Obtain a monthly report of possible duplicate invoices to eliminate/recoup duplicate payments.
    – Identify Discounts not taken | x x x x | Obtain a monthly report of missed price discounts.
    – Identify Price/Payment Variance | x x x x | Obtain a monthly report of significant price differences between purchase orders and invoices to assist in process improvement and reduce payments.
    – Identify Vendor Pricing Difference | x x x x | Obtain a monthly report of price differences between vendors in support of obtaining lower pricing.
    – Report Monthly Expenditures by Dept | x x x x | Obtain a weekly generation of expenditures report for all departments.
    – Report of Unclaimed Refunds | x x x x | Obtain a monthly acquisition of last date of payment for unclaimed refunds.
    Managed Care | x x x | IAS obtains a weekly report of contract performance to identify shifts in utilization which can be addressed when negotiating the future contracts.
    Internal Audit | x x x x | IAS obtains a monthly review of the list of recipients of CCM reports which contain HIPAA sensitive information. This review checks to see if recipients have changed departments, positions, or left PPH so that their continued access to these reports can be adjusted appropriately.
    Process Improvement via Automation | x x | IAS has provided assistance in automating manual processes to free up limited resources for more important tasks
    Patient Financial Services | x x x | IAS performs a weekly generation of baseline PFS dashboard.
    Performance Excellence | x x | IAS obtains a daily update of PPH facilities census.
    Follow-up of CCM projects | x | IAS will perform a follow-up investigation on currently functioning CCM projects.

    *NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.

    30

  • Planned Projects - (with current resources)

    Columns: Audit Project | audit type marks (Continuous Controls Monitoring, Operational, Compliance, Financial, Fraud, Information Technology, Clinical) | Description of Scope and Objectives*

    External Auditors | x | Assist Deloitte with annual financial audit.
    Facilitate RFP/RFQ for Financial Audit | x | Coordinate a Request for Qualifications/Proposals for Independent Financial Audit
    Perform/Coordinate Quality Assessment | x | Perform an Internal Quality Assessment Review for the Internal Audit Services department
    Risk Assessment | x x x x x x x | Continue to evaluate emerging and ongoing organizational risks
    Review of Executive Reimbursements | x x x | Determine if EMT reimbursements were made in compliance with PPH policies and procedures
    Emergency Projects/Special Requests | x x x x x x x | Internal Audit responds to unplanned events, projects and requests which take priority over projects identified in the audit plan.
    Cerner Contract Mgmt | x x | Ensure services and payments are in compliance with contract specific
    RAC | x x | Preparedness and management
    Stark legislation compliance | x | Continued support of STARK regularities with legal and compliance
    Clinical Documentation Initiative | x x | Validation of the initiative and report process
    Medical Staff Credentialing/Licensure | x x x | Ensure appropriate credentialing and licensing process is in place
    Perioperative Services/Surgery | x x | Evaluate controls related to billing and reporting of key procedures
    Information Systems | x x | Assist in the increased use and monitoring of Automated Controls
    Bio-Medical maintenance | x x x | Accuracy of device inventory
    Charge Master Review | x x | Assist / coordinate independent review: Ensure that the organization maintains and updates the chargemaster (CDM) in order to report accurate, timely charges to payers.
    Independent Coding Review | x x x | Assist / coordinate independent review: Evaluate both simple and complex coding errors that affect diagnosis-related group (DRG) assignment.
    Facilities Management | x x | Evaluate the practices related to capital leases
    Payroll Processing | x x x | Perform payroll audit and develop CCM tools: Evaluate the internal and business environment surrounding payroll, to ensure that internal controls are in place and operating effectively and efficiently.
    Pharmacy | x x | Follow up of action plan from previous audit recommendations
    Information Security | x x x | HIPAA phase 3

    *NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.

    31

  • Palomar Pomerado Health Internal Audit

    Construction Audit Plan 2011-2012

    Table sections: Ongoing Operational Projects; Planned Projects

    Columns: Audit Project | audit type marks (Contractually Required Periodic Audits, Operational, Compliance, Financial, Fraud, Information Technology) | General Scope and Objectives

    Berg Electric | x x x x | Electrical Contractor - Cost Reimbursable with Risk and Incentive based on Target Price. 25% of Savings between Actual Cost of Work and Target Price
    DPR Construction | x x x x | Drywall Contractor - GMP with Risk and Incentive. 25% of Savings in GMP
    University Mechanical & Eng. Contractors | x x x x | Mechanical & Plumbing Contractor - Cost plus Fee with Risk and Incentive based on Target Price. 25% of Savings between Actual Cost of Work and Target Price
    Best Interiors | x x x | Exterior Framing Contractor - GMP with Risk and Incentive. 25% of Savings in GMP
    Co-Architects | x x x | Primary Architects - Fee for Service
    DPR - Construction Management | x x x x x | Construction Manager - Review compliance to contractual obligations
    Pinnick | x x x | Earthwork Contractor - Lump Sum Contract
    Trade Contractors | x x x | Various Trade Contractors - Contract-based audits mostly Lump Sum
    Owners Construction Ins. Program (OCIP) | x x x x | Confirm proper accounting for mandatory insurance program for all Trade Contractors
    Change Order Process | x x x x x | Assess the appropriateness and controls in the change order process maintained by the Construction Manager, DPR.
    Retention | x x x x | Verify the accuracy and appropriateness of Retention held in escrow for most of the Trades Contractors
    Risk Assessment | x x x x x x | Continue to evaluate emerging and ongoing construction risks

    NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.

    32

  • Identified Risks - Proposed Projects (additional resources required)

    Columns: Audit Project | audit type marks (Continuous Controls Monitoring, Operational, Compliance, Financial, Fraud, Information Technology, Clinical) | Description of Scope and Objectives*

    Compensation/Benefits | x x x | Evaluate controls related to compensation and benefits administration.
    Escondido Surgery Center | x x | Verify the appropriateness of coding and billing
    Technology acquisitions | x x x | Analyze the process for the acquisition of new technology.
    Home Health Services | x x | Verify the appropriateness of coding and billing
    Rady's Contract | x x | Ensure services and payments are in compliance with contract specific for labor and delivery process
    Physician Relations | | Analyze the procedures defined for the administration and relations with physicians.
    Finance | x x x x | Month End Close/GL/CCM
    Marketing – limited scope | x x | Carry-over from prior year; evaluate the effectiveness of focused marketing
    Welcome Home Baby Grant | x x x | Evaluate compliance to grant requirements
    Balance Scorecard | x | Determine the effectiveness of metrics defined by business units
    Supply Chain Services | x x | Perform audit and develop CCM tools: Evaluate the internal and business environment surrounding payroll, to ensure that internal controls are in place and operating effectively and efficiently.
    Pharmacy | x x | Charge management – pricing, tracking
    Evaluate hiring practices and retention of key personnel | x | Evaluate practices of hiring staff vs. use of temps and consulting for cost effectiveness
    Key Business Applications | x | Evaluate the process for selection/acquisition of business applications
    Laboratory | x x x | Evaluate appropriateness of E&M Coding; Verify compliance with coding rules, payer requirements, and information flow for laboratory services
    Skilled Nursing Facilities | x x x x | Evaluate controls for services provided on resident's behalf, use of debit cards
    SKILLED NURSING | x | Evaluate benefits of pharmacy move to in house or continue external management
    Emergency Room/ | x x x | Determine appropriateness of Trauma levels
    Foundation – limited scope | x x | Evaluate controls related to the receipt and processing of funds

    *NOTE: This plan is intended to be a dynamic instrument, by which the priorities, scope, objectives, timing, and resources are subject to change based on changing conditions to include environmental, business operations, and availability of resources. As a result, updates to this plan will be periodically created and distributed as needed. The descriptions of each project are general in nature, with the specific scope and objectives to be developed as part of each project, usually with the cooperation of subject matter stakeholders.

    33

  • Audit Hours for Year 2011

    [Pie chart] Available Project Hours 63%; Administrative tasks 13%; Meetings 8%; Special Projects and Requests 7%; PTO 7%; Professional Development 2%

    Administrative Tasks: Tasks include Internet web-page and Intranet updates and preparing for the Audit Committee meetings

    Professional Development: Includes future certifications and training possibilities. Seminars, webinars, local meeting and workshops.

    Special Projects & Requests: Special assignments or investigations brought to Internal Audit from an internal department.

    Meetings: PPH Education/meetings/events, Departmental Meetings/Training.

    PTO: Vacation holiday/sick days taken into account for projects.

    Available Project Hours: Include all the audits planned for the current year plus Reviews/Follow ups (Report Follow ups) and the audit not completed last year due to time.


  • 2011 Internal Audit Organizational Chart

    District Audit Officer

    Analytics Internal Audit Construction

    Sr. Internal Auditor Construction Auditor Construction Auditor Sr. Audit Info Tech Specialist

    Administrative Assistant


  • Board Audit and Compliance Committee Memo regarding use of Deloitte as External Auditor

    Form A - External Auditor for Audit and Compliance Committee

    TO: Board Audit and Compliance Committee

    MEETING DATE: Thursday, February 17, 2011

    FROM: Tom Boyle, District Audit Officer; Bob Hemker, Chief Financial Officer

    Background: At its January 20, 2011 meeting, the Audit and Compliance Committee discussed the need / appropriateness of putting the Annual External Audit out to bid. The premise for this consideration being the current contract with Deloitte is ending as well as the duration of time that PPH has engaged Deloitte as its Auditors. Previously, the Committee agreed to retain the services of Deloitte for another contractual term subject to rotation of the In-Charge Partner and the Engagement Manager. These requirements were accomplished and Deloitte has utilized the rotated Partner and Manager during the current contract period.

    The Committee had thorough discussion on the matter and solicited input from the District Audit Officer as well as the Chief Financial Officer. It was concluded based upon the verbal discussion that for the FY2011 audit, Deloitte’s services would be utilized. The Committee requested that the District Audit Officer and Chief Financial Officer memorialize the factors that provided the basis and rationale for this decision. Following is the requested memorialization:

    Discussion: The Audit and Compliance Committee of the Board for PPH is entrusted with the responsibility to recommend to the Board, a public accounting firm to conduct the yearend financial audit for the PPH District. Following the creation of the Internal Audit Department and the Audit Committee of the Board in 2004, the responsibility to oversee the audit was assigned to the Committee. The Committee’s Charter/Role of Responsibilities reflects this duty and was incorporated into the charter based on current best practices. Coincidentally, Audit Committee roles were being revised nationally as a result of significant attention toward public disclosure and independence, following numerous ethical debacles involving publicly held companies. During the past 10+ years, PPH has engaged Deloitte to perform the audit. In 2007, PPH entertained an RFP process to evaluate prospective audit firms. The decision was made to remain with Deloitte, due to a variety of factors; however, the audit team management was to be replaced, in order to attain a comfort level surrounding the issue of independence. We are now approaching 5 years again and the review of our public accounting firm needs to be evaluated.


    There are several factors which need to be considered while evaluating whether or not it would be appropriate for PPH to change audit firms:

    1) There is an obvious and significant cost to the District in the transition of external firms, not only in terms of direct fees, but also in the additional time/energy of PPH staff in orienting an entirely new audit firm with the financial operations, business strategies, and culture of our organization. Additionally, there exists a risk that the lack of familiarity by a new team may have different results than a team who is thoroughly familiar with past operations and personnel. At a minimum, it could result in a delay in the timing of issuance of the audit report. We have stipulated dates by which the audit report must be issued to comply with bond covenants. Further, the change in auditors could likely result in a single year presentation. The ability to issue a comparative year statement would require the new auditor to rely upon and test the previous auditor's work and opinion on what would become the preceding year numbers. This requires additional work, costs, and time – which as previously noted is not something we have available to us.

    2) The practice of changing firms or evaluating the need to change accounting firms holds a much higher importance with publicly held companies, where financial improprieties may be driven by stockholder demands and self-interest by corporate executives. The structure of a District healthcare system and the PPH compensation program is arguably distinct from SEC corporations and may not need the rigid mandate for independent oversight. Our structure already contains a publicly elected board which oversees operations throughout the year, and our district is not driven by stockholder interests. Although there are some benefits in changing firms periodically, PPH is not legally mandated to do so.

    3) Always of concern is an auditor becoming too familiar with the management and staff of an organization. This can lead to perceived or real complacency and lack of independence. In the case of PPH, this exposure is significantly mitigated in that for the last several years we have issued G.O. and Revenue Bonds. As part of these issuances, it is required that our audited financial statements be included in the bond offering materials, i.e. the Preliminary Official Statement and Official Statement. This inclusion requires additional levels of review by Deloitte partners at the local, regional and national office levels. Effectively, our financial statements and the underlying audit work papers are reviewed by at least 4 Partners and various subject matter experts. Significant additional independence and distancing from PPH management and staff is achieved in this process. Thus, it is concluded that a minimal exposure exists related to this risk.


    4) It is important to consider the timing of a transition to another firm with regard to matters such as bond rating agency and investor community effects, internal staffing impacts, and the existence of internal transitions and operations. PPH has several unique factors to consider including our bond rating, business development/ventures and a major transition to a new facility. As it relates to our bond rating, the latest ratings cited sustained financial performance and continuity of management as positive factors. Of concern was uncertainty related to construction risks. Effectively, the agencies want to see minimal / mitigated risk and no significant change in conditions. Changing auditors at this stage of construction could be viewed / perceived as a significant change and at a minimum raise uncertainty. Despite the rational reasons for doing so, they may interpret the change in auditors as a result of issues related to the FMP, construction risks, presentation of financial information, etc. While not necessarily so, it could be their reality. It could be argued that PPH has issued and sold all of its bonds so adverse reaction by the investor community is not a substantive risk. However, it should be noted that our December 2006 bonds ($180 million) were issued as Auction Rate Securities – series A, B, and C. These bonds are reset (effectively re-sold) every week on Monday, Tuesday and Wednesday. Thus, investor interest, and therefore their review and monitoring of PPH, is happening on a weekly basis. Their interest in re-buying the bonds, and also at what interest rate they demand, could be influenced by issues / perceptions similar to those identified for the rating agencies. The conclusion is that the unknown risk of external agency and investor community reaction outweighs the benefits achieved by an auditor change.

    5) The External Auditor has unbridled and confidential access to the Internal Audit Department, the Board Audit and Compliance Committee and the Board of Directors. No matters have resulted requiring this access or suggesting that their independence is at risk. This relationship provides for a separation from management and reduction of risk.

    Summary Conclusion: PPH takes very seriously its responsibilities in providing prudent fiscal management and transparency in its fiduciary oversight responsibilities. While not directly subject to the provisions of Sarbanes-Oxley, the organization has voluntarily adopted many of the guiding principles. The use and role of its External Auditor is included in this thinking. In doing so, risks and benefits of those decisions must be evaluated. The current relationship with Deloitte must be assessed in the context of their own internal evaluation and review processes and their validation of independence, thoroughness, and oversight along with PPH’s validation of the auditor’s independence through its Board Audit and Compliance Committee and Internal Audit Department. It is concluded that a rotation of auditors is not needed to achieve real and / or perceived independence. Further, the benefits of retaining Deloitte far outweigh the uncertainties of change at this critical time for PPH.

    Budget Impact: N/A

    Staff Recommendation: Information only

    Committee Questions:

    COMMITTEE RECOMMENDATION: Motion: Individual Action: Information: Required Time:
