Friday, June 24, 2011

NY Medicaid Fraud Inspector General – Good Auditor or Obsolete Audit Methods?

Crain’s New York Business.com  reported this week that New York’s Medicaid Inspector General has been asked to resign within 30 days by New York’s Governor. I’m deeply concerned about this firing and its impact on  the auditing profession.

New York's Medicaid program is the most expensive in the nation at $52.8 billion a year. Inspector General Jim Sheehan and his staff reportedly recouped more than $1 billion in improper payments and fines since he took the job in 2007. Mr. Sheehan's tactics though have enraged many in the hospital and nursing home arena, sparking legislative hearings in 2010 by now-former Long Island state Sen. Craig Johnson.

Crain’s reported, “Those Mr. Sheehan crossed have been quick to say they will not be sorry to see him go. Their main criticism is that, unlike health insurance companies, he treats all payment errors as fraud or abuse. Insurers who find such errors typically have only 60 days to recover their money and do not impose penalties during that time.” For instance, in testimony at the legislative hearing, a nursing home lobbyist said he had seen $700 mistakes turn into $500,000 bills from the Office of the Medicaid Inspector General.
"If I were appointing his successor I'd look for someone who was not a punitive nit-picker, someone who would do the job without the 'gotcha' attitude,'” said Neil Heyman, president of the Southern New York Association, a nursing home group.
Crain’s said, “Mr. Sheehan's position has been that there is nothing wrong with treating any accounting error as “Medicaid abuse” or with using extrapolation to estimate how much that error should cost the facility that made it.”
So who is right?
In my mind, there is a big distinction between errors and fraud. One you fix. The other you prosecute.
Auditors have to be very careful to be sure the elements of fraud exist. The act must be deliberate and designed to deceive. Most people define health-care fraud as "the intentional misrepresentation of a material (important) fact submitted on, or in support of a claim for payment of a health-care insurance claim, or the theft of money or property belonging to a health plan or health insurance company."[1]
I talked with staff in the Medicaid Inspector General’s Office to find out if in fact there was any validity to the concerns of the health care providers subject to review by the Inspector General’s Office. My sense is obsolete audit methodologies may have been used. From what I understand, too often, auditors relied on a sample of transactions and assessed whether those transactions complied with all requirements. When a problem was found, they would project the finding to the population (statistical sampling) and assess a dollar amount against the provider.
This is an acceptable audit methodology and is defined in the auditing literature. It also is a dying methodology that has been replaced by more sophisticated data analysis and data mining techniques that examine the whole population of transactions and draws conclusions on the specific identifiable transactions that are fraudulent or in error. It may be combined with statistical sampling in limited situations when the number of exception transactions is exceedingly large.
For example, when I was leading the New York State Comptroller’s Medicaid audit team, we analyzed a database of sex offenders, compared it to the Medicaid client database and sought out all of the sex offenders on Medicaid who were getting erectile dysfunction drugs (i.e. Viagra). Using data analysis, we did not have to look at a sample of transactions and extrapolate to the population. We knew exactly how many and who were getting these drugs. Sex offenders getting Viagra was not right, but it wasn’t fraud. The problem was fixed when the federal government banned these drugs from the Medicaid program based on our audit.
Using mapping software, we could narrow down clients going to Medicaid providers who were coming from locations that were not reasonable. We could also track where prescription drugs were being filled to assess reasonableness. This technique has been expanded to other areas and proven quite fruitful as a fraud tool. Many of these transactions turned out to be fraudulent.
Using more modern techniques, the Medicaid auditors in the State Comptroller’s Office were able to find close to $2 billion in improper payments - about double the $1 billion found by the Inspector General. The Comptroller’s auditors are in a significantly smaller audit shop, but more successful because of the cutting edge techniques they use.
I’m concerned about the firing of Mr. Sheehan. If the firing is not properly explained and justified, it creates an environment of fear that will cause future auditors not to aggressively pursue the cheaters we know exist in the State’s Medicaid program.
If the Inspector General used obsolete audit techniques that unnecessarily penalized Medicaid providers, shame on him. If he was using cutting edge techniques and going after the true cheaters and they simply don’t like it, shame on them.
I respectfully ask Governor Cuomo to more fully explain the need for the resignation of New York’s Medicaid Inspector General. As a former prosecutor of Medicaid fraud when he was Attorney General, Governor Cuomo has an appreciation for the challenges confronting auditors and prosecutors in doing what’s right.

Monday, June 20, 2011

Consolidating Auditing Standards

Without much research, I can identify seven professional associations I follow which issue auditing standards.

These include:
  1.  AICPA
  2. GAO
  3. IFAC
  4. IIA
  5. INTOSAI
  6. ISACA
  7. PCAOB

Each of these professional associations has a vested interest in issuing standards and they do so claiming they serve a specialized group of auditors. The reality is, many of these standards overlap and it becomes difficult for practitioners to stay current in all areas.

In light of the globalization that is occurring in today’s world there has been some movement towards consolidating the guidance in the accounting and auditing professions.

The International Accounting Standards Board has been making progress trying to standardize guidance on accounting principles. “The goal of the IFRS Foundation and the IASB is to develop, in the public interest, a single set of high-quality, understandable, enforceable and globally accepted financial reporting standards based upon clearly articulated principles.”

The AICPA Auditing Standards Board (ASB) and the International Auditing and Assurance Standards Board (IAASB) are working on the Clarity Project, with a goal to converge U.S. GAAS and international standards on auditing (ISAs) by December 2012. Their hope is to make GAAS for nonpublic companies easier to understand and apply, as well as more consistent across international borders, while avoiding unnecessary conflict with auditing standards for public companies issued by the PCAOB.

Among the most significant changes are:
  • A change to a consistent and more readable format for all standards;
  •  A change in the authoritative status of the traditional 10 generally accepted auditing standards;
  • Changes in the wording of the auditor’s report; and
  • Changes in standards for group audits.

But the problem remains that the PCAOB and the other standards issuing bodies are not on board and working towards the public interest of clarifying and simplifying auditor expectations.

We have standards overload today. The professional associations need to work together to produce a common set of auditing standards that meet the needs of the auditing profession.

Saturday, June 11, 2011

A Good Auditor has Courage

Many times I read audit reports and a crucial element of the audit finding is missing – the cause of the findingSometimes, auditors will identify a component of internal controls as a cause – typically, some policy or procedure is lacking.

This comes from the Government Auditing Standards which defines cause as one of the five elements of a good audit finding. Specifically, it says:

4.17 CauseThe cause identifies the reason or explanation for the condition or the factor or factors responsible for the difference between the situation that exists (condition) and the required or desired state (criteria), which may also serve as a basis for recommendations for corrective actions. Common factors include poorly designed policies, procedures, or criteria; inconsistent, incomplete, or incorrect implementation; or factors beyond the control of program management.

This standard focuses on lower level causes which are not controversial. If there are poorly designed policies or procedures, the next logical question is to ask why. Is it because management failed to  assess risk in this area? Is management incompetent?

Often, auditors will not focus on the higher level causes because it is controversial and may create conflict with the senior staff being audited.

Without getting to a higher level cause, it is not possible to make a real recommendation that will actually bring about change.

This week, I did read an audit report where the Inspector General of the Nuclear Regulatory Commission had the courage to take on the management style of the Chairman of the Commission. You can read the report
 at:
http://republicans.energycommerce.house.gov/Media/file/Hearings/Environment/061411/IGREPORT.PDF

The Inspector General paints a complex picture of Commissioners and senior NRC staff being misled by Chairman Gregory Jaczko, of critical information for Commission decision-making being withheld from Commissioners, and of matters required for full Commission action being blocked from resolution. He describes the Chairman’s bad behaviors in his interaction with staff members and other Commissioners. For example, the Chairman would use his power to approve foreign travel as a way to get other Commissioners to support him on issues.

Congratulations to Inspector General Hubert T. Bell and his team. They had the courage to address some real issues that negatively affect professional staff concerned with public safety of nuclear matters.

Tuesday, June 7, 2011

Follow-up on Auditors in the Doghouse

I think the comments in response to the Barron's column by  JIM MCTAGUE are worth reviewing. It gives you a sense of the frustration people have with auditors not doing their job.

http://online.barrons.com/article/SB50001424052970203757604576204502663552710.html?mod=googlenews_barrons#articleTabs%3Dcomments

Auditors in the Doghouse

Here's an interesting article in Barron's - March 19, 2011.


"The financial statements of Lehman Brothers, AIG, Fannie Mae, Freddie Mac, Washington Mutual, Bear Stearns and Countrywide all were graced with unqualified opinions by their auditor a few months before each of them entered bankruptcy or had to be rescued. Small wonder, then, that a survey by PCAOB's Investor Advisory Group released last week found that 45% of the respondents, which included CFOs, COOs, audit committee members and investors, said audit reports don't provide enough valuable information; and close to 80% said they'd like auditors to disclose more about financial statements and audit risk."

Monday, June 6, 2011

Audits must be founded on independence and skepticism

PCAOB chair, Jim Doty's June 2, 2011  speech, "Rethinking the Relevance, Credibility and Transparency of Audits is a must read for auditors.

Mr. Doty’s identified a number of important challenges to the auditing profession.

He’s concerned about auditor independence, auditor skepticism, whether auditors communicate effectively, the need to bring more transparency about how audits are conducted and how the PCAOB inspection process works.

As my blog on Going from the Big 8 to the Big 0?? pointed out, the issue of independence is fundamental to an effective auditing system if it is to bring real accountability to stakeholders (creditors, shareholders, future shareholders, taxpayers, the public). So is the issue of professional skepticism.

Mr. Doty cited the inherent conflict that exists when audit firms are hired by the company to be audited. Mr. Doty said, “Auditors are, after all, paid by the clients they are charged with policing. As in other professions, auditors want to advance in their chosen profession which often means keeping the client happy and growing their business.

To address some of these concerns, the PCAOB is considering several approaches:
  • Discussing changes to the auditor’s report to better communicate what auditors actually do.
  • Determining whether mandatory auditor rotation would help address the problems caused by the need to keep clients happy.
  • Providing more context about the PCAOB inspection process and results to audit committees.
  • Considering a requirement that engagement partners sign audit reports with their own name in addition to the firm’s name.

These are good first steps, but they also do not address the work auditors should be doing to find the real problems that may exist in the financial statements. Many of the traditional audit procedures are old and obsolete. Finding fraud depends on professional skepticism, but it must go far beyond examining documents and assess the substance of the underlying transaction(s).

I like Mr. Doty’s willingness to begin assessing the challenges and seeking to bring about change.