TRINITY UNIVERSITY HOSPITAL

TRINITY UNIVERSITY HOSPITAL
DEPARTMENT OF INTERNAL AUDIT

HAITAO HUANG - AUDITOR-IN-CHARGE
DONGJIE WANG - SENIOR IT AUDITOR
XIAOZHOU YU - EXPERIENCED IT AUDITOR
RAISA AHMED - EXPERIENCED IT AUDITOR
DERRICK A. GYAMFI - IT AUDIT ASSOCIATE
H

AGENDA

- Background & Overview
- Objective
- Scope of Audit
- Risk Assessment
- Roles & Responsibilities
- Resource Breakdown
- Key Dates & Deliverables
- Summary

BACKGROUND & OVERVIEW

THE HOSPITAL
Trinity University Hospital is currently a 476-bed tertiary care hospital that has been serving the Philadelphia region since 1977.
- Three clinics: General Clinic, Dental Clinic, and Eye Clinic
- Services offered include Emergency Services, Laboratory Services, and Physiotherapy Services

THE ERP SYSTEM
Trinity utilizes HANA RAISA, a patient records management software system. HANA RAISA is a fully-fledged, healthcare-specific ERP system solution aimed at enabling the hospital to:
- Unify the entire spectrum of patient medical records across clinics and departments
- Make retrieval and viewing of patient information easy and secure
- Ensure the right information is in the right hands at the right time
- Supply real-time tracking information for all files at all times (no more missing or mishandled records)
- Deliver easy-to-use, transparent reporting in a variety of formats

AUDIT OBJECTIVE

The main objective of the audit is to verify that the patient records management system is appropriately safeguarded and that data reliability and accuracy are maintained within the environment. The specific objectives of the audit are to:
- Assess the application-level security of the system
- Evaluate data security in the patient record management system
- Assess data security for compliance with laws and regulations

SCOPE OF AUDIT

The scope of this audit project included reviews of the system for the following areas:
- Segregation of duties
- Authentication, authorization and access control
- Data security (confidentiality, integrity, availability)
- Disaster recovery and business continuity
- Policies and procedures

Out-of-scope areas:
- Infrastructure of the ERP system
- Physical and environmental controls

RISK ASSESSMENT

Risk           | Impact / Likelihood | Rationales                                                                                                   | Findings
Inherent Risk  | High                | Sensitive data (medical records, insurance info, payments); laws & regulations (HIPAA); reputational & financial losses | Data is not classified based on level of sensitivity
Control Risk   | Moderate            | Sensitive data; some critical procedures missing                                                            | Missing account termination procedures
Detection Risk | Moderate            | Further errors and risks                                                                                      | System logging is not properly configured

ROLES & RESPONSIBILITIES

Auditor        | Role                   | Responsibility
Haitao Huang   | Auditor-in-Charge      | Oversight; general review of reports; supervision and guidance
Dongjie Wang   | Senior IT Auditor      | Detailed review; planning
Derrick Gyamfi | IT Audit Associate     | Data analysis; general administrative assignments in support of the audit or auditors
Xiaozhou Yu    | Experienced IT Auditor | Testing; document testing results
Raisa Ahmed    |                        |

RESOURCE BREAKDOWN

Auditing Phase | Start Date | End Date | Working Hours
Planning       | 2/26/18    | 3/10/18  | 86 hrs
Testing        | 3/12/18    | 5/1/18   | 400 hrs
Reporting      | 5/2/18     | 5/15/18  | 76 hrs
Total          |            |          | 565 hrs

KEY DATES & DELIVERABLES

SUMMARY

- Importance of the PRM system and patient information
- Provide management with an assessment of the control environment
- Focus on inherent, control and detection risks
- Ensure deliverables in a timely and cost-effective manner

Thank You! QUESTIONS?