Affordable Care Act holds opportunities, challenges for internal auditors


Health care regulations associated with the Patient Protection and Affordable Care Act (PPACA), P.L. 111-148, have created new opportunities for internal auditors.

But internal auditors may need to get more familiar with PPACA’s provisions to help their organizations understand the risks associated with the law and their organization’s preparedness to mitigate those risks, according to a new report.

More than four in 10 (41%) of 428 North American internal audit managers said risks associated with PPACA will be moderately or extremely impactful on their organization, according to the fall “Pulse of the Profession” survey by the Institute of Internal Auditors (IIA).

An additional 37% said PPACA-associated risks will be somewhat impactful to their organizations. But among respondents who said PPACA would apply to their organization, 38% rated themselves as not very knowledgeable of PPACA, and another 43% said they are just somewhat knowledgeable.

“One of the greatest opportunities facing the profession this coming year relates to the U.S. Affordable Care Act,” IIA President and CEO Richard Chambers said in a news release. “To take advantage of this opportunity, internal audit cannot assume a reactive posture. This regulation challenges internal audit to become a visionary, proactive function in their organization.”

Being aware of the effects of regulatory activity allows internal auditors to show foresight on compliance risk issues, Chambers said.

The survey also showed that the newly refreshed internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is popular with organizations. A substantial majority (87%) plan to use the 2013 COSO framework for their control processes, while 73% used the original, 1992 version of the framework.

In addition, the survey showed that:

  • Stable or increased resources for internal audit are expected with respect to budgets (90% of organizations) and staffing levels (97%) in 2014.
  • Compliance risks are expected to receive greater audit coverage in 2014.
  • Internal auditors are misaligned with their organizations’ priorities with respect to strategic business risks. Although 71% of respondents say strategic business risks are a top priority for executive management, 57% indicate no coverage of strategic business risks in their 2014 audit plan.

“Now is the time to get up to speed as the real risks manifest themselves,” Chambers said.

Ken Tysiac ( ) is a JofA senior editor.


News quiz: College debt, stolen identities, and retirement planning

See how much you know about these developments and others in the Journal of Accountancy news quiz.


Preventing and detecting fraud at not-for-profits

Organizations in all industries must deal with the potential for fraud to occur, and design controls to prevent and detect it. Environment, policies, and controls can help organizations steer clear of problems.


The dangers of dabbling

To meet evolving marketplace needs, CPAs often look to diversify their service offerings. Firms can mitigate the risk of experiencing competency-related professional liability claims by implementing these basic steps.