US Affordable Care Act holds opportunities, challenges for internal auditors

Health-care regulations associated with the US Patient Protection and Affordable Care Act (PPACA) have created new opportunities for internal auditors.

But internal auditors may need to get more familiar with PPACA’s provisions to help their organisations understand the risks associated with the law and their organisation’s preparedness to mitigate those risks, according to a new report.

More than four in 10 (41%) of 428 North American internal audit managers said risks associated with PPACA will be moderately or extremely impactful on their organisation, according to the fall “Pulse of the Profession” survey by the Institute of Internal Auditors (IIA).

An additional 37% said PPACA-associated risks will be somewhat impactful to their organisations. But amongst respondents who said PPACA would apply to their organisation, 38% rated themselves as not very knowledgeable of PPACA, and another 43% said they are just somewhat knowledgeable.

“One of the greatest opportunities facing the profession this coming year relates to the U.S. Affordable Care Act,” IIA President and CEO Richard Chambers said in a news release. “To take advantage of this opportunity, internal audit cannot assume a reactive posture. This regulation challenges internal audit to become a visionary, proactive function in their organisation.”

Being aware of the effects of regulatory activity allows internal auditors to show foresight on compliance risk issues, Chambers said.

The survey also showed that the newly refreshed internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is popular with organisations. A substantial majority (87%) plan to use the 2013 COSO framework for their control processes, while 73% used the original, 1992 version of the framework.

In addition, the survey showed that:

• Stable or increased resources for internal audit are expected with respect to budgets (90% of organisations) and staffing levels (97%) in 2014.
• Compliance risks are expected to receive greater audit coverage in 2014.
• Internal auditors are misaligned with their organisations’ priorities with respect to strategic business risks. Although 71% of respondents say strategic business risks are a top priority for executive management, 57% indicate no coverage of strategic business risks in their 2014 audit plan.

“Now is the time to get up to speed as the real risks manifest themselves,” Chambers said.

—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine senior editor.