
Step-by-step Guide to Developing an Effective Auditing and Monitoring Plan

By October 26, 2021 | Audits, Compliance

The fourth quarter is when most Plans work to finalize their risk assessment and their auditing and monitoring plan for the coming year. This is a good time to review what you have been monitoring and auditing and to consider whether your plan is effective.

Start with the Risk Assessment

The foundation for the monitoring and auditing plan is the Risk Assessment. The Risk Assessment is driven by Compliance and must include:

  • All of the Plan’s Operational areas
  • All of the Plan’s First-Tier Entities
  • The types of risks being evaluated (beneficiary harm, complexity of services performed, etc.)
  • The level of risks (e.g., high, medium, low)
  • Ranking of Operational areas/First-Tier Entities from highest risk to lowest risk

The Risk Assessment is a living document and should be updated throughout the year. The Risk Assessment translates into the auditing and monitoring plan. Based on the tenets of an effective compliance program, the Risk Assessment should look for opportunities to detect, correct and prevent non-compliance.

Understand the Difference Between Monitoring and Auditing

It’s easy to get confused between auditing and monitoring.

| Monitoring | Auditing |
|---|---|
| Occurs on a routine basis (daily, weekly, monthly) | Is performed periodically |
| Designed to confirm compliance and | Is a retrospective review with a methodical approach and sampling of cases |
| May be done by the operational area or business unit | Auditors should be independent of the area or department they are monitoring |

Build the Monitoring and Auditing Plan

Based on the results of the risk assessment, an auditing and monitoring plan should be built. Some monitoring should be done of all operational areas and first-tier entities. Audits may be more focused based on risk and resource constraints. Compliance should coordinate all monitoring and auditing efforts with the operational areas.

The auditing and monitoring plan should identify key metrics that will be reviewed. Avoid being complacent and push to monitor metrics that are meaningful. Have ongoing conversations with the operational areas to be sure it is clearly understood what the monitoring is intended to detect and whether sample sizes are adequate.

The results of the monitoring and auditing plan should be approved by the Compliance Committee annually and more often if there are changes throughout the year.
