Auditing and Monitoring

The UNC Health Compliance Office creates an annual audit work plan, based upon a risk assessment, to guide Compliance monitoring and auditing activities across UNC Health. Entity-level Compliance Offices may also create annual work plans.

A risk assessment is conducted prior to each topic being added to the work plan and helps determine overall risk or vulnerability to the organization. Factors considered in our risk assessment include financial, regulatory, operational, likelihood, inherent complexity, and existing environment of controls.

The annual work plan is reviewed and approved by the Chief Audit and Compliance Officer as well as the Finance, Audit, and Compliance Committee of the UNC Health Board of Directors. Entity-level work plans are approved by the applicable Board or Board Committee.

The Compliance audit process is a collaboration with operational key stakeholders across the organization. Throughout the process we conduct internal and external fact finding missions, review patient medical records and claims data, discuss any identified opportunities for improvement with key stakeholders, and make recommendations for improvement which is aimed at reducing the level of risk in a certain area or service. We wrap up the process with a thorough findings report which is communicated to key stakeholders as well as key senior leaders. The goals of our audit work plan efforts are communication, transparency, and action. 

Additional Resources include: