2019 AHIA Houston Regional Seminar


AHIA Regional Seminar 
Houston, TX
October 28, 2019

Houston Methodist
Walter Tower Columbia Room
6565 Fannin St., Houston, TX 77030


Sponsored by:

Limited amount of seats will be available. Group discounts will be available to companies that purchase multiple registrations.
The AHIA Regional Seminars provide a forum for Healthcare internal auditors to network and interact with their peers, to share internal audit best practices, and to strengthen the profession of Healthcare internal auditing.

Who Should Attend:
Internal Auditors, Senior Internal Auditors, IT Auditors, Audit Supervisors, Internal Audit Managers, Internal Audit Directors, Chief Audit Executives, and Compliance Professionals.
Education Objectives:
These sessions are designed to be highly interactive to promote attendee participation and sharing of internal audit best practices. Attendees will learn about current healthcare internal audit topics, audit approaches and techniques and best practices. 
CPE: 8 credits

Registration Details:
AHIA Members
                Full Day Registration
                                First Registrant: $150
                                Additional Registrant from Same Organization: $125
                Half Day Registration
                                Morning Registration: $85
                                Afternoon Registration: $85
Non-AHIA Member
                Full Day Registration
                                First Registrant: $195
                                Additional Registrant from Same Organization: $170
                Half Day Registration
                                Morning Registration: $110
                                Afternoon Registration: $110


Program Schedule

7:00 AM - 8:00 AM             Registration/Breakfast
8:05 AM - 8:55 AM             Internal Auditing in the Cloud
Mark Stacey, FCA, CIA, CISO, IT Audit Manager, University of Texas Medical Branch (UTMB Health); Richard Ochoa, CISO, IT Auditor, University of Texas Medical Branch (UTMB Health)

Cloud Services can be leveraged to increase operational capabilities through cost-effective, scalable and resilient IT services via scalable, on demand service provisioning.  Such services also introduce new risks as part of the IT infrastructure and data reside external to the institution.  Related risks include: expanding and uncontrolled operational costs, the use of unapproved IT services or insufficient due diligence, uncontrolled transfer of sensitive data to potentially undesirable locations, increased exposure to external vulnerabilities and denial of service, unassured reliance on third parties information security within shared infrastructures, unplanned operational reliance on third parties affecting business continuity, and an inability to collect forensic evidence as required.   An increased reliance on cloud services requires adaptation of institutional approaches to Information Security, IT Governance, and IT Service development and provisioning. The Cloud Security Alliance Cloud Controls Matrix (CCM) Is a model control framework specifically designed to guide establishment and review of cloud controls.

Field of Study: Auditing      CPE: 1       Level: All

9:00 AM - 9:50 AM            Revenue Analytics
Landon Adkins, CHIAP, CIA, Associate Director, Protiviti; Don Billingsley, CRCR, Director, Protiviti

In today’s environment, providers face a multitude of obstacles in obtaining reimbursement for their services and may not be fully aware of the significant impact denied claims and other internal control breakdowns are having on financial and operational performance. Discussion will include how to perform a targeted Revenue Cycle Assessment, including continuous advanced analytics that can be implemented, to evaluate the effectiveness of an organization’s revenue cycle and to identify root causes for revenue loss. In addition, we will discuss common assessment findings and the types of improvements that can be implemented that often lead to a direct bottom line impact.

Field of Study: Auditing      CPE: 1       Level: All

9:50 AM - 10:10 AM            Break

10:10 AM - 11:00 AM          Prescription Practices and Drug Utilization - A fact-based approach
Fran Grabowski, CISA, MBA, Director, Digital Risk Solutions

The opioid epidemic is a multifaceted, highly complex crisis with staggering economic and social costs. As the undiscriminating death toll rises, the media has increased coverage and regulators are starting to act. Internal auditors are in a unique position to act, as we have access to a wide variety of stakeholders across their provider systems, and increasingly, access to an enormous amount of data. In applying that data, healthcare providers face many strategic and operational considerations. However, by leveraging our mandate to identify and mitigate risk, coupled with your relationships and data access, we have a unique opportunity to join the fight against the opioid epidemic. Analytics can spark fact-based conversations and form the basis for taking future actions in line with an organization’s social and regulatory responsibilities and risk tolerances. Incorporating trends and insights into prescribing practices and the treatment of at-risk patients is a solid base from which to launch an aggressive attack. An analytics initiative also lays a foundation for provider systems to begin using predictive analytics to identify and engage those most at risk early on in treatment. In this session we will explain the various types of Prescription Drug Monitoring Programs being implemented by providers and states. We’ll also discuss organizational and technical challenges and opportunities faced by organizations when implementing Prescription Drug Monitoring Programs. We will then share some approaches for addressing these challenges, as well as facilitate a discussion among participants in the room around how their organizations are addressing the issue.

Field of Study: Auditing      CPE: 1       Level: All

11:05 AM - 11:55 AM           The Bots are Coming... Man Your Risk Battle Stations
Terry Corcoran, CRMA, CISA, Senior Manager, Deloitte & Touche LLP

A deluge of digital disrupters—from robotic process automation (RPA) to cognitive technologies—are transforming the way we work and how business gets done. As life science and healthcare organizations begin to leverage advanced technologies to drive digital transformation, they are often left wondering what new risks they may be introducing. Leaders need a structure in place that allows them to rapidly transform with the confidence that risks have been identified and mitigated. The right governance, processes, and controls can allow for aggressive transformation without the worry. As healthcare organizations are riding the digital transformation wave, they are beginning to ask questions: How to manage the risks and embrace digital transformation? What are cascading consequences of ignoring risks from digital transformation? What governance and controls are needed to manage risks from digital transformation? How to manage and mitigate risk without losing speed or value of digital technologies? Is your organization ready to embrace the new risks that accompany digital transformation?

Field of Study: Auditing      CPE: 1       Level: All

12:00 PM - 1:30 PM               Lunch and Learn: Business Objectives, Data, and Controls in the Electronic Health Record
David Hullum, CIA, BBA, Risk Assurance Director, Digital Risk Solutions, PwC

Your organization is using the latest and greatest Electronic Health Record (EHR) software. These applications are integrated into every facet of care delivery, interfaced with multiple ancillary applications, and connected to ERP and Decision Support Systems.  How is your organization managing and leveraging the huge amounts of data the integrated electronic enterprise generates on a daily basis? How are you, Internal Audit, taking advantage of this information to inform your customers on controls?

Field of Study: Specialized Knowledge      CPE: 1       Level: All

1:30 pm - 2:20 PM               Audit Reports that Command Attention and Get Results
Liz Meyers, CPA, CFE, MBA, Focus on Risk Enterprises, LLC

Writing an audit report that gets results is not as difficult as one might think. In this presentation, we will focus on what matters most in a report that gets executives to take action.

Field of Study: Auditing      CPE: 1       Level: All

2:20 PM - 3:00 PM               Break

3:00 PM - 3:50 PM               Addressing Priorities for Internal Auditors in Healthcare Delivery Organizations
Richard Williams, MBA, PMP, CHIAP, Managing Director, Global Healthcare Practice Leader, Protiviti; Matt Jackson, PMP, CHIAP, Managing Director, Healthcare IT & Digital Solutions Leader, Protiviti

Protiviti conducts an annual survey to garner targeted insights regarding internal audit priorities or challenges faced by internal auditors. The annual survey of CAEs and audit practitioners assesses current priorities, as well as knowledge and skill gaps, in the internal audit profession. In this session, we’ll discuss the results of this survey along with hot topics and emerging risk areas that the healthcare industry is facing today. An emphasis will be placed on highlighting top audit plan priority areas that span multiple domains of risk, including finance, reimbursement, privacy, information security, etc. We will also share our perspective on the key aspects of next-generation internal auditing and how healthcare internal auditors can leverage the power of RPA, continuous monitoring, etc. to add value to their organizations.

Field of Study: Auditing      CPE: 1       Level: All

3:55 PM - 4:45 PM                 Cracking the Code: Auditing Biomedical Devices
Tom Tharp, CIA, CISA, Director, Internal Audit, Baylor Scott and White Health

During this session you will understand the key risks associated with biomedical devices, key controls associated with biomedical devices, how to substantively audit for any control gaps in the current processes, and common audit issues.

Field of Study: Auditing      CPE: 1       Level: All