Health care regulations associated with the Patient Protection and Affordable Care Act (PPACA), P.L. 111-148, have created new opportunities for internal auditors.
But internal auditors may need to get more familiar with PPACA’s provisions to help their organizations understand the risks associated with the law and their organization’s preparedness to mitigate those risks, according to a new report.
More than four in 10 (41%) of 428 North American internal audit managers said risks associated with PPACA will be moderately or extremely impactful on their organization, according to the fall “Pulse of the Profession” survey by the Institute of Internal Auditors (IIA).
An additional 37% said PPACA-associated risks will be somewhat impactful to their organizations. But among respondents who said PPACA would apply to their organization, 38% rated themselves as not very knowledgeable of PPACA, and another 43% said they are just somewhat knowledgeable.
“One of the greatest opportunities facing the profession this coming year relates to the U.S. Affordable Care Act,” IIA President and CEO Richard Chambers said in a news release. “To take advantage of this opportunity, internal audit cannot assume a reactive posture. This regulation challenges internal audit to become a visionary, proactive function in their organization.”
Being aware of the effects of regulatory activity allows internal auditors to show foresight on compliance risk issues, Chambers said.
The survey also showed that the newly refreshed internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is popular with organizations. A substantial majority (87%) plan to use the 2013 COSO framework for their control processes, while 73% used the original, 1992 version of the framework.
In addition, the survey showed that:
- Stable or increased resources for internal audit are expected with respect to budgets (90% of organizations) and staffing levels (97%) in 2014.
- Compliance risks are expected to receive greater audit coverage in 2014.
- Internal auditors are misaligned with their organizations’ priorities with respect to strategic business risks. Although 71% of respondents say strategic business risks are a top priority for executive management, 57% indicate no coverage of strategic business risks in their 2014 audit plan.
“Now is the time to get up to speed as the real risks manifest themselves,” Chambers said.
—Ken Tysiac (firstname.lastname@example.org) is a JofA senior editor.