Sample Examination Questions

  1. 1.) Which of the following departments would be considered an ancillary service at an acute care hospital?

    a. Sleep Lab Services
    b. Telehealth
    c. Nutritional Counseling
    d. Medical staff services

    2.) An auditor is testing Emergency Room wait times. Wait times have increased from 1-2 hours to 10 hours over the last year. Which of the following is most likely a reason for increased wait times?

    a. The hospital has had trouble in recruiting speech therapists.
    b. The Pharmacy is behind in mixing Total Parenteral Nutritional (TPN) orders
    c. Late meal delivery from Food Services
    d. Shortage of triage nurses

    3.) An auditor works for a large not-for-profit hospital, struggling to raise capital. In order to gain access to more capital funds, which of the following would be a reasonable solution:

    a. Issuing common or preferred stock
    b. Seek private investors
    c. Negotiating a joint venture with another affiliated partner
    d. Building a hotel as another revenue source

    4.) A hospital is sponsoring a dance marathon which results in significant cash donations. The dancers and the event are staffed with volunteers. Which would be a significant risk regarding those donations?

    a. The hospital is not fully compliant with Payment Card Industry (PCI) standards.
    b. The bank makes an error due to the volume of small donations.
    c. Cash donations might be skimmed from the till.
    d. Dancing participants become workers compensation risks.

    5.) The auditor works for a hospital and is conducting an audit to review the controls in the Supply Chain function. Which would be considered a significant segregation of duties conflict in the Materials Management/Supply Chain process?

    a. Large dollar requisitions are only approved 50% of the time
    b. The Radiology Department only has one clerical employee who can order and receive supplies.
    c. The clerk who posts cash payments also takes the deposit to the bank.
    d. Buyers cannot receive on their purchases orders but have receiving functionality.

    6.) An auditor is testing for proper recording of expenses at fiscal year-end. The auditor is reviewing payroll, medical supplies, and drug costs. Which of the following scenarios could result in the understatement of drug costs:

    a. Three employees have been quarantined for two weeks and did not turn in timesheets.
    b. Accounts Payable did not pay a large invoice timely.
    c. Pharmacy personnel did not enter the receipt for the last delivery of the month.
    d. A large credit received in the month was not applied until the following month.

    7.) An auditor is completing a dashboard review. Which of the following would help the auditor evaluate the patient access function?

    a. Daily patient census
    b. Financial profitability
    c. Denials based on patient demographics
    d. Month to date ER visits

    8.) In a large healthcare system, which function is typically part of Payroll?

    a. Addressing documentation regarding workers compensation for remote employee’s states
    b. Supporting the back end of the payroll application
    c. Recovering incentive payments for employees who terminated before fulfilling their obligations
    d. Processing voluntary deductions and garnishments

  2. 9.) Which of the following is typically referenced in a Business Continuity Plan?

    a. Joint Commission Study
    b. Community Health Needs Assessment
    c. Diversity and Inclusion Goals
    d. Hazard and Vulnerability Assessment

    10.) Which of these emerging revenue cycle system challenges most impacts a health system’s profitability?

    a. New consumer debt rules
    b. Price transparency
    c. Back-end revenue cycle management
    d. High patient financial responsibility

    11.) Medicare Part D is what type of insurance?

    a. A Medicare Advantage program managed by private insurers
    b. Hospital coverage available to all Medicare Beneficiaries
    c. Prescription drug coverage available to all Medicare Beneficiaries
    d. Physician coverage requiring monthly premiums

    12.) The patient was seen by a specialist and the nurse was asked to provide information such as name, date of birth, medical history specially blood test results to their primary care physician. What must the nurse verify before sending a fax to the primary care physician?

    a. Physician Name and Office Location
    b. Physician National Provider Identifier (NPI)
    c. Provider Tax Identification Number (TIN) and Phone
    d. Physician Medicare Number and Date of Birth

    13.) An auditor has been assigned to conduct an IT security review. Which of the following would the auditor expect to find in the organization’s IT security policy?

    a. Vision statement
    b. Industry Regulations
    c. Data Analytics
    d. IT Support Staff

    14.) Which of the following statements is correct regarding information technology (IT) governance?

    a. A primary goal of IT governance is to align with organizational objectives
    b. IT governance is an appropriate issue for organizations at the level of the board of directors only
    c. IT goals should be independent of strategic goals
    d. IT governance requires that the Control Objectives for Information and related Technology (COBIT) framework be adopted and implemented

    15.) Which of the following is the responsibility of an information technology (IT) steering committee?

    a. An IT steering committee plan shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and projects costs
    b. An IT steering committee must develop clear specifications. Before third parties bid on a project, clear specifications must be developed, including exact descriptions and definitions of the system, explicit deadlines, and precise acceptance criteria
    c. An IT steering committee must assess the operations of IT using system performance measurements. Common measurement include throughput (output per unit of time), utilization (percentage of time the system is being productively used), and response time (how long it takes the system to respond)
    d. An IT Steering committee is a committee of senior executives to direct, review, and approve IT strategic plans, oversee major initiatives, and allocate resources.

    16.) The Enterprise Risk Management (ERM) – Integrated Framework of the Committee of Sponsoring Organizations (COSO) is best defined as:

    a. A process which replaces the COSO internal control framework.
    b. The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
    c. A process which applies a control-based approach to an organization.
    d. A serial process in which one component affects only the next component.

    17.) An auditor is performing a walkthrough of a patient first facility. Which of the following is a preventive supervisory and monitoring control?

    a. Conducting performance reviews
    b. Requiring mandatory vacations
    c. Performing audits
    d. Providing hiring guidelines

    18.) A whistleblower reported via a government hotline that two nurses at your hospital were diverting oxycodone for personal use. An internal review showed controls were not operating effectively. What governmental agency is most likely to do an investigation and assess fines?

    a. Center for Medicare and Medicaid Services (CMS)
    b. Drug Enforcement Agency (DEA)
    c. Office of Civil Rights (OCR)
    d. The Joint Commission (TJC)

    19.) Your hospital just had the closing conference of its Joint Commission inspection with no significant deficiencies. As a result, which of the following would be a likely scenario? The Joint Commission will:

    a. Schedule its next inspection in four years at the closing conference.
    b. Receive a one-year moratorium on tracking data values for Joint Commission Measures.
    c. Since there were no deficiencies receive the certification at the closing conference.
    d. State regulators will accept the Joint Commission’s certification and not do an inspection of their own.

    20.) A healthcare organization is required to perform a Community Health Needs Assessment (CHNA) by which of the following:

    a. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    b. CMS Conditions of Payment
    c. Section 501(r)(3) of the IRS Code
    d. Stark and Anti-Kickback rules

    21.) Qai tam lawsuits are typically filed under:

    a. Physician Payment Sunshine Act
    b. Stark and Anti-Kickback rules
    c. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    d. The False Claims Act

    22.) An auditor is performing an audit of the hospital’s freestanding Emergency Rooms (FSER). Which of the following would be most concerning to the auditor?

    a. Different prices are charged for Level IV ER visits between the FSER and the hospital.
    b. The FSER is not within 10 miles from the hospital.
    c. A Medicare patient transferred from the FSER to the hospital was billed for the FSER copayment and inpatient deductible.
    d. A commercial patient gets two separate bills for the physician and FSER charges.

    23.) An auditor is testing the reimbursement of a Hospital’s Medicare Advantage (MA) Program. Which of the following would be most useful in determining if the hospital is being reimbursed properly?

    a. The hospital’s most recent cost report.
    b. The latest CMS regulations in the Federal Register.
    c. Current Medicare Physician Fee Schedule Final Rule.
    d. The commercial third party’s Medicare Advantage contract.

    24.) An auditor is performing an audit of an ambulatory surgical center (ASC). Which of the following would warrant additional follow-up by the auditor?

    a. Anesthesia services are billed separately from the “packaged” service.
    b. Pacemaker insertion is covered as part of the ASC charge.
    c. The ASC uses a combination of physician and hospital billing, employing CPT and HCPCS codes.
    d. Medicare ASC billing is done electronically using the UB92 bill format.

    25.) Which of the following would a hospital’s Patient and Financial Services track as a key performance indicator (KPI) that the department’s coding is performed timely?

    a. Monthly administrative write-offs.
    b. Discharged but not final billed charges.
    c. Patient refunds are paid within 30 days.
    d. Quarterly quality coding audits by an independent third party.

    26.) An auditor is testing revenue charge capture as it relates to hospital reimbursement. In which of the following reimbursement type contracts is revenue charge capture most critical to reimbursement?

    a. Value-based reimbursement
    b. Bundled payments
    c. Shared savings
    d. Discount from billed discharges

    27.) Which of the following healthcare related governmental entities does the Centers for Medicare and Medicaid Services (CMS) have jurisdiction over?

    a. The Affordable Care Act
    b. Drug Enforcement Agency
    c. National Institute of Health
    d. The Federal Drug Administration

    28.) An auditor is reviewing the hospital’s physicians’ payments received from equipment and drug manufactures under the Physician Payments Sunshine Act (PPSA) on the Centers for Medicare and Medicaid Services (CMS) website. Which scenario is the most concerning?

    a. Physicians receiving payments under the False Claims Act.
    b. CMS Conditions of Payment are met.
    c. Physicians not performing at least 10% of services for patients receiving services under the Affordable Care Act.
    d. A physician received a $500 honorarium from a manufacturer for speaking at a medical conference.

    29.) A patient learns that their healthcare provider shared their protected health information with their family member when they had not given consent for their information to be shared. Which agency should the patient contact with their complaint?

    a. Centers for Medicare and Medicaid Services (CMS)
    b. Department of Health and Human Services’ Office for Civil Rights (OCR)
    c. Food and Drug Administration (FDA)
    d. The Joint Commission

    30.) A potential new hire has a name that appears to be on the Office of Inspector General’s (OIG) Exclusion list. What should the hiring organization do before moving forward with onboarding?

    a. Run a criminal background check
    b. Immediately rescind the job offer
    c. Contact the organization’s legal department
    d. Verify exclusion status using Social Security number

    31.) The auditor for a Medicare Advantage-Prescription Drug Plan is conducting a Program Integrity audit. Which of the situations below would the Centers for Medicare and Medicaid Services (CMS) consider as potential fraud indicator?

    a. The provider submitted unbundled codes when billing for a procedure.
    b. The provider ordered unnecessary lab tests for beneficiary bloodwork.
    c. The provider billed the plan for an appointment that the beneficiary did not keep.
    d. The provider sent beneficiary information to the plan via an unsecured email.

    32.) Mary is a non-exempt hospital employee. She goes to the breakroom to take her 30-minute lunch break and she does not have to clock out since her company’s timekeeping system utilizes an auto-deduct feature. While on break, her supervisor stops in and asks questions about a patient for over 10 minutes. How should Mary’s timecard reflect this lunchbreak?

    a. 10 minutes as time worked and 20 minutes as time off.
    b. 30 minutes as time worked, since she was interrupted during her break.
    c. 30 minutes as time off, since the company utilizes auto-deduct.
    d. 30 minutes as time off, since Mary was in the lunchroom for the full 30 minutes and did not have to return to her station.

    33.) An auditor wants to validate the propriety of travel expenses for an employee and is reviewing a department’s P-card transactions. While examining the receipts, the auditor identifies entertainment expenses for several out-of-town dinners. The attendees, business purpose and business relationship are documented, and the expense was approved by the employee’s manager. What is the next best step for this auditor?

    a. Conclude the expense is inappropriate since there is no way to validate that the attendees were at the dinner as listed on the receipt.
    b. Conclude the expense was appropriate and properly documented, since the receipts were complete, and expenses were approved.
    c. Review other transactions for this P-card to determine if there are red flags with any other transactions before concluding.
    d. Review the employee’s travel expense reports to see if these dinner expenses were submitted for reimbursement.

    34.) An auditor is performing a review of controlled substances and has documented the process flow and reviewed drug record documentation. Which of the following would the auditor deem as a potential issue?

    a. Documentation of the sole individual who wasted the drug is present on the drug record.
    b. Controlled substance waste is returned to the pharmacy from patient care areas.
    c. A reverse distributor is used for returns and recalls.
    d. Orders received are documented with a date and signed by both witnesses, but only one of the receivers is a licensed pharmacist.

    35.) An auditor has been asked to inventory risk management efforts made by their organization. Which of the following efforts undertaken by the organization would be included on the list?

    a. A strategic planning session by leadership to identify future growth opportunities.
    b. The hiring of external auditors to ensure financial statements are presented in accordance with GAAP.
    c. The hiring of a new Chief Operating Officer who is experienced in healthcare.
    d. The implementation of a robust cybersecurity system to protect PHI.

    36.) A CAE has been asked for their Internal Audit group to be involved in the entity’s Enterprise Risk Management (ERM) program. How should they respond?

    a. The Internal Audit function should not be involved, since this impairs independence of the audit function.
    b. Internal Audit should not be involved, since their detailed knowledge of the entity may unfairly impact risk rankings and results.
    c. Internal Audit should be involved, since day-to-day risk management and risk mitigation is their responsibility.
    d. Internal Audit should be involved, since they are in a position to support ERM efforts and may gain important information for their audit plan.

    37.) A healthcare organization wants to strengthen its culture of safety. What is one of the most effective ways for this organization to measure and evaluate its culture and commitment to patient safety?

    a. Conduct surveys
    b. Review placement in national rankings of hospitals
    c. Review volumes of letters and emails received from patients
    d. Assess employee retention

    38.) The Internal Auditor is conducting fieldwork for a Locum Tenens Audit. During an interview with key leaders, management informs the Internal Auditor that they do not have Locum Tenens and that all physicians are credentialed through the credentialing process. What should the Internal Auditor do next?

    a. Obtain and review the Locum Tenens policy
    b. Obtain and review the Credentialing policies and procedures
    c. Obtain a data pull of billed claims that contain the Locum Tenens modifier
    d. Verify the physicians are credentialed on claims with the Locum Tenens modifier

    39.) The Internal Auditor identified issues during a Physician Contract Compliance Audit. The auditor is ranking the risk level for each of the findings. Which issue has the highest risk level?

    a. An agreement was not in place for a surgeon providing specialty call coverage.
    b. The President of Medical Staff services has not been paid for the previous calendar year.
    c. One physician had two separate contracts and received compensation for 13.5 hours of work in one day.
    d. Contracted physicians for OB-GYN calculated their service hourly instead of the contracted daily rate.

    40.) During fieldwork, the Internal Auditor is conducting a walkthrough at a medical office building to identify areas of risk. Which of the following indicates the highest regulatory risk?

    a. The medical office building is named for a major donor.
    b. One of the medical office suites has signage outside their door with the full hospital name, indicating the suite is a department of the hospital.
    c. Monitoring by security personnel of physical access to doors is only handled on an “as needed” or requested basis.
    d. A standardized electronic security access control program has not been implemented.

    41.) Mary has been a patient of Dr. Smith for years but noticed that her out-of-pocket cost increased 150%. Who should Mary contact to obtain the rationale for the increase?

    a. Employer
    b. Health Plan
    c. Referring Clinician
    d. Healthcare Financial Management Association

    42.) After a patient has completed their visit, what revenue cycle phase includes accurately documenting medical services and communicating them to the billing office to increase recovered revenue, secure revenue integrity, and compliment the revenue cycle?

    a. Charge Capture
    b. Credentialing providers and enrolling them in payer networks
    c. Coordination of Care
    d.Third-Party follow-up

    43.) An auditor needs to obtain information on their organization’s processes for requesting participation in a payor network, completing credentialing requirements, submitting documents to the payer, and signing a contract. Which revenue cycle area should they contact?

    a. Denials Management
    b. Managed Care
    c. Payer Enrollment
    d. Charge Capture

    44.) A member of the hospital’s Account Receivable team is responsible for analyzing the payment received from the insurance payor to determine if there was an error causing the payment to be delayed. What is the process called if an error is reported and the claim gets directed to the clearinghouse for charge review and follow-up so the claim can be sent back to the payor for correction?

    a. Medical Coding
    b. Claim/Remittance Processing
    c. Insurance Follow-up
    d. Patient Collections

    45.) Revenue cycle key performance indicators (KPIs) provide the foundation for standardization and benchmarking. The Initial denial rate as a percentage of claim volume is a trending indicator of the total population of initial denials at the claim level. What are the components for Initial denial rate as a percentage of claim dollars formula?

    a. Initial denials overturned and paid (gross charges for overturned and paid claims) divided by total initial denial dollars paid and adjusted (gross charges)
    b. Total inpatient denials overturned, paid, and converted to observation status divided by total inpatient denials overturned paid and adjusted
    c. Total initial denial claims gross charges divided by total claims submitted gross charges.
    d. Total initial denial claims divided by total claims submitted.

    46.) An Internal Auditor is reviewing the controls related to goods and devices in the acute care hospital operating room. Which finding should be classified as a high risk due to regulatory compliance?

    a. Vendors did not always provide the same quality goods to the hospital.
    b. Controls related to vendor contracts need improvement to address the scenario where the contract expires and is still being negotiated.
    c. Controls are not in place to identify overcharges from vendors, including investigating spikes in the price paid.
    d. The returned medical device process is not functioning effectively and requires enhancement.

    47.) An auditor is conducting a charge capture audit in an Orthopedic clinic. In order for the auditor to determine if there are any patients with missing charges, the auditor must review which of the following:

    a. The encounter forms and medical record
    b. The proof of payment and cash receipts
    c. The report of arrived patients and encounter forms (charges)
    d. The schedule and encounter forms (charges)

    48.) A patient enrolled in a liver research study had a CT scan of the liver. The patient did not have an emergency visit. The charges were billed to a payor and not the research sponsor. What is the best documentation for the auditor to review to determine whether the charges should have been billed to the research sponsor?

    a. The physician order for the CT scan
    b. The research study protocol coverage analysis
    c. The medical record documentation
    d. The billing claim submitted to the payor

    49.) A patient called the scheduling department to schedule a dermatology procedure their physician ordered. What must the clinic do before the day of the appointment to ensure the patient can have the procedure?

    a. Collect the copayment before the scheduled procedure.
    b. Verify the patient has insurance benefits.
    c. Obtain the patient consent.
    d. Obtain authorization from the payor for the procedure.

    50.) An auditor is performing a review of their hospital billing processes. What would the auditor review to determine root causes for delays in billing?

    a. Do a comparison of charge dates and date of service
    b. Review claims with modifiers
    c. Run a report to look for duplicate charges
    d. Look at patients discharged but not final billed report

    51.) What element is critical to code by professional and hospital coders regardless of the visit type?

    a. Procedure code
    b. Patient age
    c. Diagnosis code
    d. Modifier

    52.) Dr. Jones is a cardiologist who performs pacemaker insertions and has requested that the hospital order the medical devices from Cardinal Company. The surgery manager asks the Compliance Officer to review Dr. Jones’ request to ensure a compliant process is set up for which regulatory requirement?

    a. EMTALA
    b. CARES Act
    c. Physician Payment Sunshine Act
    d. HITECH Act

    53.) The hospital emergency department would like Internal Audit to complete an EMTALA audit. What is one important piece of the regulation that the Internal Auditor should look for evidence of?

    a. Information regarding patients’ ability to pay for services was not obtained prior to patients receiving medical screening exams.
    b. The emergency department staff recorded patient wait times.
    c. Patients were not transferred to another facility after they were stabilized.
    d. The Hospital By-Laws include EMTALA processes.

    54.) The Internal Auditor is wrapping up an audit of Virtual Medicine/Telehealth. A meeting to review key findings is scheduled with the Finance Manager. Which key finding would have the most impact on lost revenue?

    a. Coding and billing for Virtual Medicine/Telehealth may not comply with federal requirements.
    b. Changes in federal and state laws and regulations may impact where this service can be used.
    c. Patient end user devices may not be able to access the internet.
    d. Access to Virtual Medicine/Telehealth applications may not align with credentialing and privileging processes.



   Answer Key