Show Me the Money: A CAATTS Approach

1
Show Me the MoneyA CAATTS Approach

• Presentation Porter BroylesSeptember 8, 2008
• Houston IIA

2
My Background

• President and Founder of the TexasACL User
  Group (Austin, San Antonio, Houston.)?
• One of only two Super Users on the official
  ACL User Forum.
• Featured by ACL in their Seven Practices of
  Successful Auditors Campaign.
• Guest speaker at ACL's 2008 Annual Conference
  Connections "Advanced Scripting Automating
  Processes."

3
Imperatives on Audit

• Do More
• With Less

4
The two sentences you never want to hear

• You found two exceptions? Do you know how many
  transactions we process?

5
CAATTs

• Computer
• Aided
• Audit
• Tools and
• Techniques

6
CAATTS Software

• General Audit Software
• ACL
• IDEA
• Business Intelligence
• Business Objects
• Cognos
• SAS
• SQL
• EXCEL/Access

• Specific Audit Testing
• OFAC software
• Email Software
• A/P Software
• Surveys
• Statistical analysis
• HR tests
• Other Software
• Electronic Workpapers
• Word Processors

7
Dual Methodology

• Find leads for audit investigation.
• Quantify the findings of the audit.

8
Using CAATTS for Scoping

• Focus on areas where risk exists and problems can
  be found.
• Example Identify process codes that routinely
  cause problems.

9
Targeted Testing

• Test areas that traditional audit techniques
  could never imagine.
• Example Specific compliance issues.

10
Quantitative Tool

• After an issue has been identified, CAATTS can be
  used toQualify
• Quantify
• Example How many transactions were impacted and
  how much did it cost us?

11
As an investigative tool

• Analyze data anomalies.
• Ask, How might this impact the company?
• Look for trends (particularly where they are not
  expected.)?
• Look for exceptions (particularly where trends
  are expected.)?

12
As a Follow-up Tool

• Identify criteria around the identified
  exceptions.
• Try to identify exception via the data.
• Expand search to identify other cases.
• Investigate additional cases to see if they are
  in fact exceptions and adjust criteria above.
• Re-perform testing several months down the road.

13
As a new control

• If CAATTS can identify a problem, then CAATTS can
  be the basis for Continuous Monitoring or
  Continuous Auditing.

14
Example 1Regulatory Compliance

• Health Insurance
• If a policy covers maternity benefits, then you
  cannot deny benefits as a pre-existing condition.

15
Risk

• The company previously cited.
• Failure to comply could result in the company
  being cited for Willful Non-compliance.

16
Six Claims

• 1) Denied as pre-existing conditions.
• 2) Rejected by the system to be manually
  processed.
• 3) Processed by the same individual.

17
Traditional Audit

• Could not have identified these claims.

18
Example 2Quality Assurance Review

• QAR Program monitored Customer Service
  Representatives of major company.

19
Why did it matter?

• Training ground for all other departments.
• Good reviews produced automatic bonuses and
  raises. As well as the prerequisite to being
  promoted.
• CSR's with poor reviews were dismissed.

20
QA Review

• Management had assessed the QAR process and
  confirmed it worked.
• They
• 1) Had the QAers review the same call.
• 2) Reviewed the QAers calls/assessments.

21
What We Did

• We decided to look at the average score given by
  each QAR to determine their average score versus
  the overall average score and standard deviations
  for all QAR's.

22
What We Expected
23
What we found
24

• Example 3 Insurance Fraud

25
Background

• In 2004, a major insurance company decided to
  offer independent health insurance via the web.
  Apply on-line, answer some questions, and
  assuming your answers triggered no red flags, you
  were covered the next day.

26
Categories of Applicants

• Depending on the problem and history
• Policy approved.
• Policy denied.
• Policy sent to underwriting.
• Approved with no limitations.
• Approved with limitations.
• Denied.

27
Adverse Selection

• Anti-fraud control Every month, the unit
  extracted policies that had been issued in the
  past 6 months and incurred more than 2,000 in
  claims.
• NOTEThe company spent 150,000 to have an
  accounting firm design and validate this control.

28
Problems

• Doctors could submit claims up to 90 days after
  service.
• Claims could take up to 45 days to process.
• Claims might not be Clean thus take longer to
  process.

29
Alternate Method

• Internal Audit decided to investigate new members
  looking at diagnosis codes.

30
One Patient

• Obtained coverage on the last day of the month
• The patient went to a doctor on the first day of
  coverage for a medical condition on the
  Automatic Denial list.
• Two months later patient had major surgery.

31
Patient's Total Expenses

• 350,000
• Not recoverable

32
Patient's Coverage

• Lapsed due to non-payment after physical therapy
  ended.
• Patient would have never been identified using
  approved method.

33
Estimated Total Payments

• 700,000
• Not recoverable

34

• Questions?