Healthcare Internal Audit Solutions

Healthcare organizations today are faced with a myriad of challenges and many are under-utilizing one of their greatest assets: internal audit. Leading internal audit functions have moved well beyond checking the box on policy compliance and serve as a strategic partner to help ensure their organizations become more innovative and explore new technologies, identify and mitigate emerging risks, develop creative solutions to complex business challenges, and encourage best practices to enhance business functions. Protiviti’s industry-leading healthcare internal audit solutions are flexible with proven methodologies, provide access to a vast array of skills, are value-added and collaborative, incorporate tools/techniques such as robotic process automation (RPA) and advanced analytics, and allow us to be a strategic partner in helping your organization confidently face the future.

The following provides an overview of the many ways Protiviti can partner with you to ensure you have a leading internal audit function implemented for your organization.

  • Flexible and Collaborative Delivery Models
  • Breadth of Expertise
  • Targeted Assistance

“Protiviti has been a trusted and collaborative partner to us for several years and has truly become part of our organization — from a cultural fit to having our best interests at heart in everything they do for us. We can rely on Protiviti and their deep expertise to help us solve problems with meaningful and creative ideas that align with our overall strategic direction.” 
— General Counsel and Chief Administrative Officer

Flexible and Collaborative Delivery Models

For companies trying to determine whether co-sourcing or outsourcing is the best solution, Protiviti has deep expertise working with clients all over the world in transforming their internal audit functions into leading practice, based on The Institute of Internal Auditors Standards.

Protiviti can meet all of your internal audit needs under a continuous full-service outsourcing arrangement by managing and executing the internal audit function, bringing our in-depth industry knowledge, proprietary tools, methodologies, training and experience to your organization.

Alternatively, co-sourcing internal audit with Protiviti provides organizations with all of the technical and subject-matter resources they require on-demand, without the need to hire full-time staff. We offer the capabilities to easily and affordably flex the number of resources assigned to an internal audit function, keeping an organization properly staffed during both peak and off-peak periods.

Protiviti can also provide support for an existing internal audit program by providing training, qualified interim internal audit leadership (CAE) and/or supplemental staffing of experienced professionals (as outlined by the Internal Audit Sourcing Model below).

Protiviti believes internal audit can also support other functions, such as compliance, privacy, IT, finance and legal, through the performance of audits and investigations when those functions lack resources or skillsets needed. We emphasize collaboration across the organization and prevention of silos, and encourage enterprise-wide accountability between audit, compliance and legal for achievement of the organization’s goals and objectives.

Internal Audit Sourcing Model

Sound Methodologies

Protiviti is a principal partner of The Institute of Internal Auditors and our internal audit methodologies, policies and procedures (i.e., The Protiviti Way) are independently reviewed annually by an Accredited Internal Quality Assessment Validator.

In addition to The Protiviti Way’s approach to internal auditing, our Healthcare Center of Excellence has developed industry-specific quality assurance steps that are followed for all of our healthcare engagements.

Breadth of Expertise


Protiviti has extensive references and significant experience working with a variety of healthcare providers to address today’s challenges, including large integrated delivery systems, multi-hospital health systems with both domestic and international facilities, community hospitals, rehabilitation hospitals, specialty hospitals, children’s hospitals, post-acute delivery systems (LTAC, SNF, hospice, etc.), and physician groups. Not only do we understand the driving forces of regulatory change in the healthcare industry, but we also have the unique blend of operational, clinical and information technology knowledge needed to understand the implications that you are currently facing and will face in the future.

A key differentiator for Protiviti is our ability to provide our clients with a wide range of deep expertise through the internal audit function by performing audits covering, for example, the areas outlined below.

Revenue Cycle and Supply Chain

Protiviti helps organizations enhance their revenues and margins by improving strategy, processes, and system controls. Our approach is designed to improve net revenue, streamline costs and vendor management, accelerate cash flow, enhance operating performance, and prepare for future acquisitions or joint ventures. Areas of expertise include patient access; utilization review; charge capture; charge description master (CDM); health information management (HIM) and coding; billing and collections; denials; and underpayments, overpayments and patient refunds. We can perform 835 claim analytics and benchmarking using proprietary tools and consolidated data to identify preventable denials and other revenue opportunities related to pricing, payment delays, and potential underpayments by payer, provider and facility. We can also use this data to test the integrity of internal denial and AR reporting.


Protiviti can assist healthcare organizations in maturing their compliance function by performing compliance program effectiveness assessments and compliance risk assessments; training on compliance hot topics; and executing projects on a compliance work plan and specialty audits/investigations, including HIPAA gap evaluations, physician coding audits, conflict of interest assessments, Business Associate Agreement reviews, mock independent review organization (IRO) audits, corporate integrity agreement (CIA) audits, etc.

Information Technology and Security

Protiviti helps healthcare organizations strategically align technology with the business and proactively mitigate security risks. We have deep IT skillsets to support organizations in more specialized areas including cybersecurity, HIPAA compliance, medical device management, effectiveness of EHR utilization and optimization, ERP management, data integrity, third-party/vendor management, business continuity management and disaster recovery, etc. In the area of security, Protiviti provides a range of services, including technical penetration testing and vulnerability scans, incident response, security program assessments, firewall management, and Payment Card Industry (PCI) compliance. Protiviti also helps healthcare organizations manage the risk of disruptive innovation, embrace opportunities presented by new and emerging technologies (e.g., RPA, advanced analytics, Internet of Things, artificial intelligence, telehealth, etc.), enhance customer engagement, digitize products/services, make better-informed decisions, and improve operational performance.


Protiviti is a global leader in helping organizations address Sarbanes-Oxley and internal controls over financial reporting requirements. Our areas of expertise include scoping to determine financial statement risks, documenting relevant process areas, identifying controls to effectively mitigate those risks, and evaluating the design and testing the operational effectiveness of controls. Protiviti also provides assistance with the new FASB accounting standards around revenue recognition and lease accounting, data analytics to identify duplicate AP payments and payroll payment variances, forensic services and investigations, and initial public offering (IPO) readiness support.

Targeted Assistance

Risk Assessments

A great way to determine the focus of an internal audit function is to perform a comprehensive annual risk assessment by identifying internal and external risk factors specific to your environment, emerging issues/trends and hot topics, and using Protiviti’s proprietary methodology to develop a risk-based audit plan that is responsive to the needs of the organization. Annual risk assessments are most successful when performed jointly with compliance and other key risk management functions to implement efficiencies, achieve resource optimization, and demonstrate a strategic partnership with senior leadership and other risk functions in the management of risks.

Enterprise Risk Management

A major goal of enterprise risk management (ERM) is to provide management and the board with information on risks and opportunities that may influence key decision-making. Protiviti can help facilitate the ERM journey that organizations wish to take. We can help organizations determine the appropriate focus on strategic execution risk as part of the overall ERM program implementation.

Board Reporting and Education

With the release of practical guidance for healthcare governing boards, Protiviti can assist with evaluating various risk management functions’ reporting processes to the board and audit committee (e.g., presentation decks, dashboards, KPIs, other reporting packages, etc.); preparing, presenting and training the audit committee on regulatory risk and other hot topics in the industry; and assessing the composition of the audit committee, its charter and whether the committee is successfully fulfilling its roles to the organization.

Assess, Benchmark and/or Implement

Based on tried and proven methodologies, coupled with Protiviti’s deep healthcare internal audit expertise and experience, we can evaluate the structure and effectiveness of your overall internal audit function. This includes the purpose and role within the organization; collaboration efforts with other risk management functions/third parties; structure and reporting capabilities; current resource capabilities as compared to the needs of the organization and IIA Audit Intelligence Suite survey data; tools, analytics and methodologies used; the audit universe considered, risk assessment process and audit plan development/coverage; the audit approach (i.e., planning, fieldwork, reporting and wrap-up); and audit follow-up process. The impact of an internal audit program assessment can be dramatic as internal audit functions are provided a roadmap to improve their processes and/or move their maturity level higher up the Capability Maturity Model ladder. In addition, Protiviti can perform formal external quality assessments, which are recommended by The IIA every five years.


Richard Williams
Global Healthcare Industry Leader

Jarod Baccus
Internal Audit Solutions Lead

David Kupinski
Central Region Healthcare Lead

Bryon Neaman
Northeast Region Healthcare Lead

Vickie Patterson
Southeast Region Healthcare Lead

Alex Robison
West Region Healthcare Lead

Ready to work with us?

Richard Williams
Managing Director
+1 (214) 395-1662
Jarod Baccus
+1 (281) 513-9559