1

INTRODUCTION

A hospital is an institution for health care providing treatment by specialized staff and equipments. Modern-day hospitals are largely staffed by professional physicians, surgeons and nurses.

Hospitals are set up to deal with many kinds of disease and injury, and typically has an emergency ward to deal with immediate threats to health and the capacity to dispatch emergency medical services. A hospital is typically the major health care facility in its region, with large numbers of beds for intensive care and long-term care; and specialized facilities for various surgeries.

Some hospitals are affiliated with universities for medical research and the training of medical personnel and on the other hand Clinics generally provide only outpatient services.

A hospital may be a single building or a campus which includes various wards classified as:

(a) A standard ward;

(b) A semi-private ward; or

(c) A private ward;

As the case may be, and in accordance with the accommodation provided by the hospital and the requirements in respect thereof set out in the regulations. The rated bed capacity of any hospital established for wards of each of the classes should be appropriately examined and approved by the cost and financial management department.

2

Laws Applicable to Audit of Hospitals:

Laws play a very vital role for smooth and disciplinary functions followed by an enterprise. Also from an audit point of view proper application of Laws in a business/ professional environment sets a clean impression about client’s work which brings consistency in the management as well. Besides, it’s very important to keep a track of new amendments for not getting into any discrepancy henceforth. However, further defaults (if any) would lead to harsh consequences.

Operational standards for hospitals are to hold a subsisting license as per law enacted for License Registration.

Hospital rules and regulations.

The operator of a hospital shall enact and put into force suitable general hospital by-laws and medical staff by-laws for example:

Indian Medicine Council Act 1956,

Consumer Protection Act,

Labour laws,

Drugs and Magic Remedies Act 1953,

3

License fees Act,

Act in relation to Waste Management

Supreme Court Judges (Salaries and Condition of services) Act 1958 etc

Regulations and rules shall comply with any model by-laws, regulations and rules, and directions or guidelines, provided or approved as per prescribed amendments.

The above Laws are enacted for:

(a) Prescribing the method and terms of admission to the hospital;

(b) Setting out the duties and authority of the officers and employees engaged in the operation or administration of the hospital;

(c) Prescribing the scales of salaries and wages payable to persons to whom clause (b) refers; and

Where the operator of a hospital is a corporation, the by-laws, regulations, or rules shall be made by by-law of the board of directors or other such managing board or committee thereof.

Special Steps Involved in the Audit of a Hospital:

(1) Vouch the Register of patients with copies of bills issued to them. Verify bills for a selected period with the patients’ attendance record to see that the bills have been correctly prepared. Also see that bills have been

4

issued to all patients from whom an amount was recoverable according to the rules of the hospital.

(2) Check cash collections as entered in the Cash Book with the receipts, counterfoils and other evidence for example, copies of patients bills, counterfoils of dividend and other interest warrants, copies of rent bills, etc.

(3) See by reference to the property and Investment Register that all income that should have been received by way of rent on properties, dividends, and interest on securities settled on the hospital has been collected.

(4) Ascertain that legacies and donations received for a specific purpose have been applied in the manner agreed upon.

(5) Trace all collections of subscription and donations from the Cash Book to the respective registers. Reconcile the total subscription due (as shown by the Subscription Register and the amount collected and that still outstanding).

(6) Vouch all purchases and expenses and verify that the capital expenditure was incurred only with the prior sanction of the Trustees of the Managing Committee and that appointments and increments to staff have been duly authorised.

(7) Verify that grants, if any, received from the government or local authority have been duly accounted

5

for. Also, that refund in respect of taxes deducted at source has been claimed.

(8) Compare the totals of various items of expenditure and income with the amount budgeted for them and report to the Trustees or the Managing Committee significant variations which have taken place.

(9) Examine the internal check as regards the receipt and issue of stores: medicines, linen, apparatus, clothing, instruments, etc. so as to insure that purchases have been properly recorded in the Stock Register and that issues have been made only against proper authorisation.

(10) See that depreciation has been written off against all the assets at the appropriate rates.

INTERNAL CONTROL

6

Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal control procedures reduce process variation, leading to more predictable outcomes.

AAS-6 issued by the ICAI deals with the study and evaluation of Internal Control in connection with an Audit. It defines Internal Control as “All the policies and procedures adopted by the management of a concern to ensure the orderly and efficient conduct of its business”.

The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working

7

effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization.

The system of internal control is the plan of the organisation and all the methods and procedures adopted by the management of an enterprise to accomplish the following objectives:

a)Execution of transactions in accordance with management’s general or specific authorisation;

b)prompt and correct recording of all transactions so as to enable preparation of financial information as per recognised accounting policies and practices and relevant legal requirements, if any, and to maintain accountability of assets;

c) safeguarding of assets from unauthorised access, use or disposition;

d)comparison of recorded assets with the existing assets at reasonable intervals so as to enable appropriate action in the case of any difference.

The effectiveness of internal control procedures depends on the environment in which the internal control system operates. But a strong environment with effective budgetary and internal audit system may not necessarily ensure an effective internal control system. The internal

8

control environment may be affected by the following factors

a)Organisation structure, i.e., delegation of authority and assignment of functions so as to facilitate the working of the internal control system.

b)Management supervision, i.e., a regular review of the adequacy of the internal control system with a view to ensuring effective operation of all significant controls. Internal audit system can also take care of such review.

c) Personnel, i.e., competence and integrity of the persons who are responsible for establishment and operation of the internal control system.

Important Points to be Considered by an Auditor with regard to Internal Control:

The auditor should review the accounting system and the related internal controls to understand the flow of transactions and the specific control procedures to identify the controls which could be relied upon during the audit, keeping in view the size of the enterprise and the extent of controls. The review will be mainly by way of enquiries addressed to personnel at various levels in

9

the enterprise, together with reference to documentation, e.g., procedure manuals, flow charts, job descriptions, etc. In a continuing engagement, knowledge about the control procedures should be regularly updated.

A certain number of representative transactions should be traced through the accounting system so as to understand the system and the related internal controls. Information relating to the internal controls may be recorded by way of narrative descriptions, questionnaires and flow charts, as the auditor deems appropriate.

Preliminary review should be based on the assumption that the controls operate generally as described, and they function effectively throughout the period of intended reliance. The purpose of the review is only to identify the specific controls which can continue to be relied upon. The auditor may decide not to rely on any particular controls because of their defective design or because the effort required to test whether they are being complied with, will not be commensurate with the reduction in effort to be achieved by placing reliance on them.

10

Internal Control in a Hospital:

The two panels on the left represent the hospital administration. The right-hand panel represents the medical staff. For clarity, only a few of the many departmental entries have been labeled in each panel.

Although the administration's exact departmental grouping varies considerably with the size and type of hospital, it basically consists of patient care services (e.g., pharmacy), depicted in the middle panel, and support services (e.g., accounting), depicted in the left-

11

hand panel. As indicated in the right-hand panel, the medical staff is usually divided into clinical services according to the specialty branches of its member physicians (e.g. cardiology).

INTERNAL CHECK / AUDIT

Internal auditing is a profession and activity involved in advising organizations regarding how to better achieve their objectives. Internal auditing involves the utilization of a systematic methodology for analyzing business processes or organizational problems and recommending solutions. Professionals called internal auditors are employed by organizations to perform the internal auditing activity. The scope of internal auditing within an organization is broad and may involve internal control topics such as the efficacy of operations, the reliability of financial reporting, deterring and investigating fraud, safeguarding assets, and compliance with laws and regulations. Internal auditing frequently involves measuring compliance with the entity's policies and procedures.

A hospital's internal audits increasingly should focus on the clinical aspects of cost and payment. This scrutiny can provide a better look at the efficiency of clinical operations control and bottom line effect.

Four steps are involved in planning an operations audit:

First, background information (including regulations and standards concerning pacemakers) should be obtained. Flow charts and questionnaires can help explain various administrative stages for acquisition handling and charging.

12

Second, a set of preliminary objectives should define the scope of an audit. An audit should review the financial and operational issues involved in purchasing concepts, control pricing, charging, and credit return. A hospital audit should include justification for extended stays, surgical management care, and protocol.

Third, an auditor should be familiar with an institution's goals, objectives, organization, staffing, information systems, performance standards, and written procedures. A walk-through with the manager of each review area is a good idea.

The final step is to devise a step-by-step audit program.

Performing an Audit,

For an analysis of charges and payments, a personal computer can be used to establish databases from the following source documents:

Accounts payable files by manufacturer; Medical records and billing files by patient; and

Operational and surgical logs for implanting and explanting.

The analysis should include sufficient data to draw reasonable conclusions.

A hospital's medicine charges, found in its billing files, can be compared to its medicine purchases, listed by

13

manufacturer or serial number. Bills should be separated into charges versus payments received and recorded as either profit or loss per patient.

Bill review computation or electronic method of transmitting pacemaker data to third-party payers for accuracy and timeliness of payments also should be analyzed.

The next step involves determining whether surgical implant charges are based on time, procedure, or both. Charges should be consistent from patient to patient.

Price changes should be verified, and unadjusted profit margin on price changes should be identified.

The unit price the hospital is paying should be examined against the manufacturer's list price, with particular attention given to discounts and bidding agreements.

To avoid MediClaim fraud and abuse issues, manufacturers can be asked whether physicians are receiving any form of commission or rebate for using a particular brand of medicine. While a manufacturer is unlikely to reveal a commission arrangement, inquiring about it can help clear a hospital of liability in the event of fraud or abuse charges.

FINANCIAL AUDIT

A financial audit, or more accurately, an audit of financial statements, is the examination by an independent third

14

party of the financial statements of a company or any other legal entity (including governments), resulting in the publication of an independent opinion on whether or not those financial statements are relevant, accurate, complete, and fairly presented.

Financial audits are typically performed by firms of practising accountants due to the specialist financial reporting knowledge they require. The financial audit is one of many assurance or attestation functions provided by accounting and auditing firms, whereby the firm provides an independent opinion on published information.

Many organisations separately employ or hire internal auditors, who do not attest to financial reports but focus mainly on the internal controls of the organization. External auditors may choose to place limited reliance on the work of internal auditors.

Financial audits exist to add credibility to the implied assertion by an organization's management that its financial statements fairly represent the organization's position and performance to the firm's stakeholders (interested parties). The principal stakeholders of a company are typically its shareholders, but other parties such as tax authorities, banks, regulators, suppliers, customers and employees may also have an interest in ensuring that the financial statements are accurate.

The audit is designed to reduce the possibility of a material misstatement. A misstatement is defined as false or missing information, whether caused by fraud (including deliberate misstatement) or error. Material is

15

very broadly defined as being large enough or important enough to cause stakeholders to alter their decisions.

The exact 'audit opinion' will vary between countries, firms and audited organisations.

Stages of a Financial Audit:

A financial audit is performed before the release of the financial statements (typically on an annual basis), and will overlap the 'year-end' (the date which the financial statements relate to).

The following are the stages of a typical financial audit:

Planning and risk assessment

Timing: before year-end

Purpose:

to understand the business of the company and the environment in which it operates.

to determine the major audit risks (i.e. the chance that the auditor will issue the wrong opinion). For example, if sales representatives stand to gain bonuses based on their sales, and they account for the sales they generate, they have both the incentive and the ability to overstate their sales figures, thus leading to overstated revenue. In response, the auditor would typically plan to increase the rigour of their procedures for checking the sales figures.

Internal controls testing

16

Timing: before and/or after year-end

Purpose:

to assess the internal control procedures (e.g. by checking computer security, account reconciliations, segregation of duties). If internal controls are assessed as strong, this will reduce (but not entirely eliminate) the amount of 'substantive' work the auditor needs to do (see below).

Substantive procedures

Timing: after year-end (see note regarding hard/fast close below)

Purpose:

to collect audit evidence that the management assertions (actual figures and disclosures) made in the Financial Statements are reliable and in accordance with required standards and legislation.

Methods:

where internal controls are strong, auditors typically rely more on Substantive Analytical Procedures (the comparison of sets of financial information, and financial with non-financial information, to see if the numbers 'make sense' and that unexpected movements can be explained)

17

where internal controls are weak, auditors typically rely more on Substantive Tests of Detail (selecting a sample of items from the major account balances, and finding hard evidence (e.g. invoices, bank statements) for those items)

Finalization

Timing: at the end of the audit

Purpose:

to compile a report to management regarding any important matters that came to the auditor's attention during performance of the audit,

to evaluate and review the audit evidence obtained, ensuring sufficient appropriate evidence was obtained for every material assertion and

to consider the type of audit opinion that should be reported based on the audit evidence obtained.

NON FINANCIAL AUDIT

Cost Audit:

Cost audit is defined as the verification of correctness of cost records and check in the adherence to the cost accounting plan. It is the audit of cost records. It is an audit process for verification of the cost of manufacture to utilization of material, labour and other items of cost maintained by the company with the accepted principles

18

of cost accounting. Thus, cost audit is an audit of efficiency. It is mainly a preventive measure, a guide for management policy and decision, in addition to being a barometer of performance of a company.

Management Audit:

Management Audit is “The comprehensive examination of an enterprise to appraise its organizational structure, policies and procedures in order to determine whether sound management exists at all levels, ensure effective relationship with the outside world and internal efficiency”. Management Audit is concerned with review of the past performance to ascertain whether it is in tune with the objective, policies and procedures. It is a method used to evaluate the efficiency of management at all levels through the organization. Therefore, it is also called an efficiency audit. It comprises the investigation of a business by an independent body from the highest executive levels downwards in order to ascertain whether sounds management prevails throughout and to report as to its efficiency.

Environment Audit:

Environment Audit is concerned with the verification of performance of environment management systems to control pollution and their efficiency to conserve the environment. Conservation of environment extends not only to control pollution of air and water, but also control

19

of noise level, prevention of denudation of forests and maintenance of ecological balance.

Proprietary Audit:

Proprietary means that which meets the test of public interest, commonly accepted customs and standard of contract and particularly as applied to professional performance, requirement of Government regulations and professional codes. Proprietary audit would therefore mean whether the transactions have been done in conformity with established rules, principles, some established standards, statutory regulations which meets the tests of public interest.

Social Audit:

Social Audit is a technique for monitoring, appraising and measuring the social contribution of business. It is a new concept. It is a technique of finding out how the social responsibilities are being discharged by a business unit. It evaluates the performance of an enterprise in relation to environment, consumer protection and community services.