implementing value-added auditing
level 3 and level 4
In this article, we will discuss each of the four steps (Managing, Planning, Conducting and Reporting), of Value-Added Auditing (VAA) and the corresponding activities that fulfill these steps. As in the first article, we have broken these activities down into levels to help ensure that VAA is sustainable and it is producing tangible results. This article will address levels 3 & 4 of all four steps. Implementing at levels 3 & 4 should only happen once you have mastered the first 2 levels. You’re on a path to sustainable improvement, using audits as function of your management system to assist in that journey. Remember, slow and steady wins the race.
Step 1: Managing the VAA
Senior leadership and board level commitment are essential for successful VAA. In levels 3 & 4, their commitment becomes more evident. Commitment should come more fluidly as the currently implemented first 2 levels should be mastered and showing value. The benefits of a true VAA program are measureable. Benefits can include increased efficiencies, financial benefits, enhanced patient safety, increased competitive position in your market, cultural benefits and assurance of compliance with applicable rules and laws.
Activity 1- Senior Management Commitment (Board Level & C-Suite)
This is paramount for success. ISO 9001:2015 requires a deeper leadership engagement.
Level 3-4: At these levels, specific influences of Senior management are called out, such as cultural adjustments to help ensure sustainability, trust, importance of improvement, effective communication, empowerment and recognition, ethics and resources. Resources are big motivators for everyone since VAA should be making everyone happy.
Activity 2- An audit “lead” is identified and will have ultimate responsibility for the VAA. This is an executive level position with this responsibility.
Level 3-4: The audit lead will monitor the VAA processes and performance to ensure that VAA objectives (which should align with organizational strategic and business objectives) are achieved.
Activity 3- Audit Staff is identified. Your current auditors should be included and consider adding auditors with business office knowledge, revenue cycle and risk. This may include staff to assist in the VAA through activities other than auditing (such as analysts).
Level 3-4: Same attributes as in levels 1 & 2 but at a mature or advanced level
Level 3-4: Knowledge of internal controls (seeing and understanding systems and understanding how internal controls can ensure anticipated results, operational and financial)
Level 3-4: Budgetary and financial knowledge, a deep understanding of the cost of quality.
Activity 4- Value-Added Auditor requirements are specific for those who will be conducting the VAA.
Level 3: collaborative problem solving skills (with auditees and audit team)
Level 3: enhanced technical knowledge of the VAA process and the processes being audited
Level 4: analytical skills
Level 4: critical thinking skills
Activity 5- Organizing the VAA function is the first operational step for success.
Level 4: Consider creating position(s) for full-time VAA auditors and dedicated VAA report writers/analysts
Step 2: Planning the VAA
Planning properly enhances assurance and reduces the likelihood of asking uninformed questions, chasing false leads, missing risk, not understanding controls, too much time in less significant areas, missing operational deficiencies, overemphasizing minor deficiencies, staying in comfort zone and auditing in circles. Effective planning is essential.
Activity 1- VAA Preparation
Level 1-4: Determine the scope of the audit and dates/times
Level 1-4: Assemble the audit team, based on competence and availability
Activity 2- Understand the audit objectives and business objectives, specifically for the process or area audited.
Level 3: Implement VAA process metrics to measure success of VAA
Level 4: Look for possible business opportunities during the VAA
Activity 3- Notify auditee of date, time and what processes will be audited
Level 3-4: implement pre-audit questions to maximize actual audit time with interview
Level 3-4: distribute a preliminary copy of the pre-audit survey
Activity 4- Understand auditees’ processes and documentation
Level 3-4: Conduct an interface process analysis with those processes that affect the process being audited
Level 3-4: Determine the process objectives (direct and indirect) of the audited process
Activity 5- Develop Audit Plan
Level 3-4: Align the audit plan with interface process analysis results
Level 3-4: Align the audit plan with process objectives
Activity 6- Develop Audit Survey, a tool to assist the auditor in preparation for the VAA. This activity is most important in complex organization, systems and processes.
Level 3-4: Create a survey for the purpose of identifying general issues that will be reviewed during the VAA
Step 3: Conducting the VAA
Conducting a Value-Added Audit (VAA) is more complex and thorough than a typical QMS audit. Value-Added audits are completed by a much more competent auditor who will plan and conduct a comprehensive audit that covers a such items as: organizational maturity, process capability, risk-based thinking, effectiveness of controls, vertical objectives and cost of quality as well as the traditional QMS audit items. The sampling process must create the confidence level necessary to achieve audit objectives.
Activity 1- Assess the organizational maturity in the system and process audited.
Level 3-4: Implement process lifecycle methods at the appropriate level in CMM (to determine how long this current process might be effective)
Activity 2- Assess process capabilities
Level 3-4: Review process data such as Corrective Actions, Preventive Actions, process effectiveness, operating parameters, reword rates, variations, costs, efficiencies, employee turnover, work arounds, heroic efforts, risks, improvements and innovations.
Activity 3- Assess system/process risk
Level 3-4: Assess high-risk areas
Level 3-4: Assess effectiveness (by stress testing) of risk mitigation strategies
Activity 4- Evaluate control effectiveness to achieve intended results
Level 3-4: Determine & assess the types of controls used, such as: people, methods, machines, environment, culture and leadership.
Level 3-4: Assess the effectiveness of types of process control
Level 3-4: Assess the effectiveness of types of risk control
Level 3-4: Assess the effective use of resources
Level 3-4: Assess opportunities for improvement or innovation
Activity 5- Assess evidence gathered to ensure that findings created would be received with confidence.
Level 3-4: Broaden the sample for evidence to include vertical processes and interfacing processes
Level 3-4: Test the evidence (i.e.- re-perform and re-calculations) for applicability to the audit objectives
Activity 6- Create findings based on the evidence gathered. These are the same for all levels.
Level 1-4: Compare evidence to criteria to create findings (conformance, non-conformance, opportunity for improvement or innovation)
Level 1-4: Classify findings based on levels of importance (risk, repeat finding, etc.)
Activity 7- Conduct an exit meeting. These are the same for all levels.
Level 1-4: Conduct a formal exit meeting with agenda and invite auditees if appropriate
Level 1-4: Share the findings based on evidence gathered and gain agreement from organization
Level 1-4: Determine the date for completion and delivery of the final report.
Step 4: Reporting VAA results
The audit report will be the documented information that summarizes the audit findings and can be used to close out the audit and possibly to begin activities for corrective action, improvements or innovations. VAA incorporates the Senior Leadership and the Board of Directors; therefore they should be apprised of the VAA results. Due care is exercised when creating and sharing this report as some information may be considered confidential. These activities are the same for all levels.
Activity 1- Communicate Audit results to appropriate parties
Level 1-4: Take due care to capture all findings in report and in clear, concise, objective, constructive and timely fashion
Level 1-4: Board and Senior Leadership should receive the report first
Level 1-4: Communicate in a language appropriate to the reader(s)
Activity 2- Determine report format (this may have been determined with the organization in the planning step.
Level 1-4: VAA report must add value to customer
Level 1-4: Report format may be agreed upon before the actual audit
Level 1-4: Report should include audit findings, Cost of Quality data, benchmarking opportunities, resources used, status of audit objectives achieved during the audit and potential improvements or innovations. Items requiring urgent response should be easily identified.
Activity 3- Correct, prevent, predict and preempt
Level 1-4: Corrective and Preventive actions identified in the report must be initiated.
Level 1-4: VAA should identify trends by means of sampling and help the customer predict certain risks.
Level 1-4: Organizations will take preemptive actions to mitigate risks
Activity 4- Maintain audit records
Level 1-4: The final audit report will become documented information and maintained per customer requirements.
Level 1-4: Auditor notes should also be maintained with the report
Level 1-4: Confidentiality must always be maintained.
Thank you for your interest and time to read all the way to here. I am passionate about what I do and I would welcome the opportunity to learn more about you and the journey your hospital is taking to enhance your internal audit program. I can be reached by email at tschmidt@bluesynergyassociates.com or you can call 844-424-7825. Your comments are always welcome.
Let's stay in touch,
Ted
Step 1: Managing the VAA
Senior leadership and board level commitment are essential for successful VAA. In levels 3 & 4, their commitment becomes more evident. Commitment should come more fluidly as the currently implemented first 2 levels should be mastered and showing value. The benefits of a true VAA program are measureable. Benefits can include increased efficiencies, financial benefits, enhanced patient safety, increased competitive position in your market, cultural benefits and assurance of compliance with applicable rules and laws.
Activity 1- Senior Management Commitment (Board Level & C-Suite)
This is paramount for success. ISO 9001:2015 requires a deeper leadership engagement.
Level 3-4: At these levels, specific influences of Senior management are called out, such as cultural adjustments to help ensure sustainability, trust, importance of improvement, effective communication, empowerment and recognition, ethics and resources. Resources are big motivators for everyone since VAA should be making everyone happy.
Activity 2- An audit “lead” is identified and will have ultimate responsibility for the VAA. This is an executive level position with this responsibility.
Level 3-4: The audit lead will monitor the VAA processes and performance to ensure that VAA objectives (which should align with organizational strategic and business objectives) are achieved.
Activity 3- Audit Staff is identified. Your current auditors should be included and consider adding auditors with business office knowledge, revenue cycle and risk. This may include staff to assist in the VAA through activities other than auditing (such as analysts).
Level 3-4: Same attributes as in levels 1 & 2 but at a mature or advanced level
Level 3-4: Knowledge of internal controls (seeing and understanding systems and understanding how internal controls can ensure anticipated results, operational and financial)
Level 3-4: Budgetary and financial knowledge, a deep understanding of the cost of quality.
Activity 4- Value-Added Auditor requirements are specific for those who will be conducting the VAA.
Level 3: collaborative problem solving skills (with auditees and audit team)
Level 3: enhanced technical knowledge of the VAA process and the processes being audited
Level 4: analytical skills
Level 4: critical thinking skills
Activity 5- Organizing the VAA function is the first operational step for success.
Level 4: Consider creating position(s) for full-time VAA auditors and dedicated VAA report writers/analysts
Step 2: Planning the VAA
Planning properly enhances assurance and reduces the likelihood of asking uninformed questions, chasing false leads, missing risk, not understanding controls, too much time in less significant areas, missing operational deficiencies, overemphasizing minor deficiencies, staying in comfort zone and auditing in circles. Effective planning is essential.
Activity 1- VAA Preparation
Level 1-4: Determine the scope of the audit and dates/times
Level 1-4: Assemble the audit team, based on competence and availability
Activity 2- Understand the audit objectives and business objectives, specifically for the process or area audited.
Level 3: Implement VAA process metrics to measure success of VAA
Level 4: Look for possible business opportunities during the VAA
Activity 3- Notify auditee of date, time and what processes will be audited
Level 3-4: implement pre-audit questions to maximize actual audit time with interview
Level 3-4: distribute a preliminary copy of the pre-audit survey
Activity 4- Understand auditees’ processes and documentation
Level 3-4: Conduct an interface process analysis with those processes that affect the process being audited
Level 3-4: Determine the process objectives (direct and indirect) of the audited process
Activity 5- Develop Audit Plan
Level 3-4: Align the audit plan with interface process analysis results
Level 3-4: Align the audit plan with process objectives
Activity 6- Develop Audit Survey, a tool to assist the auditor in preparation for the VAA. This activity is most important in complex organization, systems and processes.
Level 3-4: Create a survey for the purpose of identifying general issues that will be reviewed during the VAA
Step 3: Conducting the VAA
Conducting a Value-Added Audit (VAA) is more complex and thorough than a typical QMS audit. Value-Added audits are completed by a much more competent auditor who will plan and conduct a comprehensive audit that covers a such items as: organizational maturity, process capability, risk-based thinking, effectiveness of controls, vertical objectives and cost of quality as well as the traditional QMS audit items. The sampling process must create the confidence level necessary to achieve audit objectives.
Activity 1- Assess the organizational maturity in the system and process audited.
Level 3-4: Implement process lifecycle methods at the appropriate level in CMM (to determine how long this current process might be effective)
Activity 2- Assess process capabilities
Level 3-4: Review process data such as Corrective Actions, Preventive Actions, process effectiveness, operating parameters, reword rates, variations, costs, efficiencies, employee turnover, work arounds, heroic efforts, risks, improvements and innovations.
Activity 3- Assess system/process risk
Level 3-4: Assess high-risk areas
Level 3-4: Assess effectiveness (by stress testing) of risk mitigation strategies
Activity 4- Evaluate control effectiveness to achieve intended results
Level 3-4: Determine & assess the types of controls used, such as: people, methods, machines, environment, culture and leadership.
Level 3-4: Assess the effectiveness of types of process control
Level 3-4: Assess the effectiveness of types of risk control
Level 3-4: Assess the effective use of resources
Level 3-4: Assess opportunities for improvement or innovation
Activity 5- Assess evidence gathered to ensure that findings created would be received with confidence.
Level 3-4: Broaden the sample for evidence to include vertical processes and interfacing processes
Level 3-4: Test the evidence (i.e.- re-perform and re-calculations) for applicability to the audit objectives
Activity 6- Create findings based on the evidence gathered. These are the same for all levels.
Level 1-4: Compare evidence to criteria to create findings (conformance, non-conformance, opportunity for improvement or innovation)
Level 1-4: Classify findings based on levels of importance (risk, repeat finding, etc.)
Activity 7- Conduct an exit meeting. These are the same for all levels.
Level 1-4: Conduct a formal exit meeting with agenda and invite auditees if appropriate
Level 1-4: Share the findings based on evidence gathered and gain agreement from organization
Level 1-4: Determine the date for completion and delivery of the final report.
Step 4: Reporting VAA results
The audit report will be the documented information that summarizes the audit findings and can be used to close out the audit and possibly to begin activities for corrective action, improvements or innovations. VAA incorporates the Senior Leadership and the Board of Directors; therefore they should be apprised of the VAA results. Due care is exercised when creating and sharing this report as some information may be considered confidential. These activities are the same for all levels.
Activity 1- Communicate Audit results to appropriate parties
Level 1-4: Take due care to capture all findings in report and in clear, concise, objective, constructive and timely fashion
Level 1-4: Board and Senior Leadership should receive the report first
Level 1-4: Communicate in a language appropriate to the reader(s)
Activity 2- Determine report format (this may have been determined with the organization in the planning step.
Level 1-4: VAA report must add value to customer
Level 1-4: Report format may be agreed upon before the actual audit
Level 1-4: Report should include audit findings, Cost of Quality data, benchmarking opportunities, resources used, status of audit objectives achieved during the audit and potential improvements or innovations. Items requiring urgent response should be easily identified.
Activity 3- Correct, prevent, predict and preempt
Level 1-4: Corrective and Preventive actions identified in the report must be initiated.
Level 1-4: VAA should identify trends by means of sampling and help the customer predict certain risks.
Level 1-4: Organizations will take preemptive actions to mitigate risks
Activity 4- Maintain audit records
Level 1-4: The final audit report will become documented information and maintained per customer requirements.
Level 1-4: Auditor notes should also be maintained with the report
Level 1-4: Confidentiality must always be maintained.
Thank you for your interest and time to read all the way to here. I am passionate about what I do and I would welcome the opportunity to learn more about you and the journey your hospital is taking to enhance your internal audit program. I can be reached by email at tschmidt@bluesynergyassociates.com or you can call 844-424-7825. Your comments are always welcome.
Let's stay in touch,
Ted