Embrace the Audit 

Best Practices for claims departments to maximize the effectiveness of an audit 

With commentary and insight from Rick Sabetta and Barry Bloom

As a Claims Supervisor I reacted very poorly to my first workers compensation claims audit.  

I went through the familiar stages that one does when first audited: 

  • Anger (at how anyone could question my decisions or results)  
  • Denial (that someone in my claims unit had made mistakes) 
  • Negotiations (over the findings and how they had missed all of our successes and only focused on the mistakes) 
  • Depression (I was sure that since I was not perfect that I would not be retained as a Claims Supervisor) 
  • Acceptance (when the Claims Manager sat down and worked through the findings with me.) 

I felt that the auditor’s findings were subjective, did not recognize the work that had been done and were not entirely accurate.  What particularly bothered me were two things. First was the “compliance” section of the audit. At that time, I believed that documenting “compliance” activity had little to do with getting actual results on the claims.  In retrospect, I was wrong about that.  My second issue was the subjectivity which the auditor seemed to have over some of my actions. 

My Manager noted that overall, the audit was very positive. Her astute commentary was that most of the faults and issues which had been identified in the audit were accurate.  She also noted that the subjectivity in the audit, was why claims adjusting was considered a profession and an art and not a science.  That I should consider the approaches suggested as new ways to look at the issues and new methods to resolve the claims.  

It took several audits before I was fully able to embrace the audit process without being angry and defensive. When I finally embraced the audit as a way to improve my performance and results rather than believing and behaving as if it was a personal attack on my work product, I was able to take quantum leaps in improving my skills and claims results. 

Later in my career, the audit process became an important tool for me to appropriately manage and oversee claims operations.  

The audit process can be complex. If not done well, audits can fail to identify material weaknesses, or fail to achieve the results which will most benefit the company and those who are audited.  Learning how to appropriately plan, manage and respond to an audit is an important skill.  Yet it is rarely taught to claims professionals.  Some claims professionals have never learned how to prepare manage or respond to an audit.  I believe that their careers were hindered by not having that skill.  

Reasons for Audits  

Audits are performed for various reasons: 

  • Compliance with internal policies and procedures. 
  • Compliance with State policies concerning timeliness of investigation, compensability decisions, benefit provision, and settlement. 
  • Adequacy, timeliness and accuracy of communication with the injured workers and employers. 
  • Identification and pursuit of subrogation recovery. 
  • Compliance with reporting to excess carriers. 
  • SIU identification and compliance. 
  • Payment coding, vendor addition or selection, review and add vendor to the system. 
  • Litigation management. 
  • Subrosa (deployment strategies and results).  
  • Adequacy and consistency of reserves  
  • Vendor addition to the system, vendor selection and vendor management 

Who does audits and what kinds of audits to they do? 

In the workers compensation system, there are many different kinds of auditors who may audit for many different issues. 

Every company (employer, insurance carrier, third party administrator, public agency) has its own internal audit function.  Internal audits help identify any material weaknesses, single points of failure or control weaknesses. Importantly, they also help confirm the estimated liabilities as well as determine if there is compliance (both internally and externally).   

Within claims operations there may also be a separate audit function. Sometimes the supervisors are assigned audit activity and sometimes there are specifically assigned auditors within the claims department. 

Companies (self-insureds, insureds and insurance companies) also utilize outside independent financial auditors, (usually accounting firms who use actuaries) that audit the workers compensation programs to determine if the reserves are adequate to appropriately recognize the outstanding liabilities.   

Companies may also use independent outside auditors to ensure compliance with the laws rules regulations and internal policies and procedures. 

Insurance companies are also regularly audited by The State Department of Insurance. This is usually done on a rotating three-year cycle (called the tri-annual audit). These audits are done primarily for financial stability, and to determine compliance with the local claims administration laws, rules and regulations.  

State Divisions of Workers Compensation may also audit for compliance on timely and accurate benefit provision.  

Most States also have their own independent audit function to insure fiduciary integrity and to provide insight and assistance to the legislature and governor’s office to determine if the State’s tax money is being spent in accordance with the intent of the laws and regulations.   

Managing the audit 

From a claim perspective, there are two methods of managing an audit. One is engaging and managing the auditor if you are overseeing or requesting the audit.  The second is managing the auditor and responding to the audit if you are you are being audited.  

To help create a list of best practices, I consulted with Rick Sabetta and Barry Bloom, both of whom have spent much of their careers auditing or being audited.  

How to prepare for an audit (if you are overseeing or requesting the audit) 

The nature of the preparation for an audit is different based on the type of audit. For instance, an internal auditor requires far less preparation and management, than an outside auditor. Internal auditors already have access to the system and usually can access the files without disturbing the claims operations. 

The first step in the audit process requires specific definition of the audit goals and scope which will benefit the claims organization, and will also ensure the effectiveness of the audit team.   

For independent audits it is important to establish the scope of the audit. The scope of work (“SOW”) defines what will be examined, how it will be examined and what the audit team will produce and deliver. It also outlines the price of the audit, whether the audit will be done remotely or locally and establishes the parameters of which claims, which years or which offices will be audited.  Equally important, the SOW defines the responsibilities for the claim operation and the audit team. It is important that all parties understand what their respective roles will be. In addition to being an effective “project plan”, the SOW also serves as a guide or timeline to the events of the claim audit.  

The claim organization’s leadership team has a role to play in defining the needs of the company and any particular operational concerns. Prior to the audit, the claim organization should clearly define its concerns that may have prompted the need for the audit.  By sharing this perspective, the claim organization’s leadership team can provide a framework for the Audit Team Leader and help focus the audit team.  

An effective, well-defined SOW also serves as a “roadmap” that specifies which parts of the claim organization and the related core functionality which will be examined.  Determining how “granular” the examination will be is an important factor and one that serves to define the technical approach the audit team will take.  

Another aspect of the SOW is to establish the standards by which the audit will be conducted.  Compliance audits are usually designed and regulated by the auditor’s assessment of the claim organization’s performance against the claim organization’s internal operating standards. Often, at the outset of the examination the audit team may request information regarding the claim operating standards that are in place at the time of the examination.   

For such compliance-oriented audits the claim organization may be focused on determining how efficiently or thoroughly its claim staff adheres to the published and intended operating guidelines.  In those instances, the audit team will incorporate the guidelines into their work papers as the mechanism by which they conduct their assessment.   

More comprehensive operational examinations place more focus on the quality of the claim management performance (i.e., performance assessments).  The comprehensive claim audit may incorporate broader standards by which the assessment is conducted, including recognized insurance industry “best practices” standards. By using a “best practices” standard the audit team will allow the claim organization to discern how effectively the claim staff is performing relative to the commonly observed best practices in the industry.   

It is very important that the two teams of claim professionals (the audit team and the claim organization) share the understanding that the broader set of industry “best practices” standards may be significantly more detailed and stringent than the claim organization’s own operating standards. Creating a calibrated understanding of the standards for performance measurement will help alleviate disputes or misinterpretations of findings.  

The claims organization should understand that the audit team will be comparing performance on a granular basis, the result of a very focused claim-by-claim examination. The metrics that the audit team uses to determine how consistently and how well a claim team performs, should be embedded in the audit team’s work papers.  

The audit team should secure and prepare its completed work papers, with all of the granular data and metric outcomes, to present to the claim organization when the written audit reports are delivered. The work papers provide the basis for the reports’ metric analysis and findings.  The work papers also serve a secondary, but equally important role.  The granular detail in the work papers can assist the claim management team’s leaders in their efforts to identify where specific claim management skills may be weak or where required remedial skill development initiatives are needed.  In this regard, the work papers serve as a “road map” for training and skill development for both the individual examiner and for the overall claim team 

The claim management organization should articulate to those involved the specific purpose for the audit and more importantly identify a specific internal claims “sponsor” or point person for the work.  The audit team requires a specific point of contact within the claims operations to establish the lines of communications and to be accountable for the execution of the audit. 

Audit Logistics 

Logistics planning is vital to a successful audit. Among the first steps for defining the logistical approach should be the determination as to how the audit team will access the claim file records for the examination.  

The scope of the audit will determine the nature and extent of the data that is needed for the audit, as well as if and how the audit team will be given access to the claims system.  The audit team should provide a formal data and access request to the audit sponsor who will typically forward it to its IT department. The sponsor should ensure that the audit team leader and the IT leadership team have a clear communication channel so that the data requests, system access requests and special requests can be executed on a timely basis throughout the course of the entire audit. 

Most audits require some form of access to sensitive information. The audit team must execute all necessary access, non-disclosure, and confidentiality agreements before access is granted.  

It is necessary that the audit Team Leader and the IT leader take time to discuss the content and access protocols so that the audit team can be assured that what is being provided will sufficiently meet the examination needs of the audit team.  This is actually one of the more critical initial steps to take. The efficiency of the audit itself hinges upon a smooth access protocol.   

Technology and Data Logistics 

The technology access protocol should determine the following: 

Are there security and/or data disclosure Releases required? 

Who will require and be given access to the data and information? 

How will the data and information be secured (during the examination and after)?  

The identity of the members of the audit team who will be gaining access to the systems and claim information platform(s) should be disclosed by the audit firm. 

No member of the audit team shall receive anything more than “read only” access to the claim information platform/system. 

Is the access to the claim information platform/system restricted to certain parts of the system?  If so, it is important that the audit Team Leader and the claim organization audit sponsor are in agreement with any limitations to ensure the absence of access will not create any impairment or diminution of assessment. 

Is the access being provided into a “live” system environment or into a controlled “audit” environment? 

Ensure that the audit team has access to claim adjuster notes and/or the catalogue of claim management events and that portion of the claim information system that records ALL claim payments and case reserves. 

Is there a preferred protocol in place for the audit team to relinquish access to the claim information system when its need for access ends? To ensure required system security the IT team should provide the audit team clear protocols for relinquishing access to the system(s). 

Communications protocols 

The Claim Operation leadership and/or sponsor should establish the communications protocol for all parties during the audit.   

Establish a schedule/timeline for regular “check-ins” or briefings with the audit team.  

Establish a communications mechanism so that the auditors have a means by which they can make requests for information or reports or related materials that may not be accessible to them via the claim information platform. 

Ensure that, when the audit is taking place on site, the work space for the auditors is reasonable for the performance of their work.  Auditors are typically used to cramped spaces and many may be armed with a sufficient supply of “war stories” about prior audit conditions that were uncomfortable or compromising.  Make sure that your organization doesn’t offer fodder for another war story—make the accommodations reasonable and easy to use. 

If the audit will take place through remote access to a claim information platform or server, ensure that the connection is reliable and sufficiently supported by the IT team.  Offer the audit team a “point person” from the IT team who can trouble-shoot and resolve access issues and/or continuity for access throughout the entire examination.  This is extremely important to the auditors and should become equally important for the claim management team.  Keep in mind that the audit team performs its work by schedule, often based on hourly professional fee charges. Delays caused by access denials or access discontinuity may impede the audit function.  Such delays should be avoided because they can become costly.  

During an audit 

When issues are identified, some auditors ask for a response during the audit. As part of the SOW, there should be a protocol for who will respond, when they will respond and how they will respond during the audit. 

Depending on the type of audit, sometimes it is important to have an attorney providing all of the responses to help maintain confidentially of the work and the audit. 

To avoid operational disruption in the claim department, an efficient and considerate protocol for issues identified during the audit should be mutually agreed upon in advance by the claim organization sponsor and the audit Team Leader. 

How to respond to the audit (when being audited) 

Be strictly professional with the auditors.  Be careful in all communication with the auditors.  Take careful notes during all meetings with the auditors.   

Most of the time, audits are not personal, but if not handled well or responded to appropriately the process could become so.  Some auditors do not understand their role, the scope of the audit or the function or process that they are auditing.   Some auditors do not have consistent process or utilize detailed work papers (so the results can’t be replicated). Some only focus on nit picking compliance or smaller issues rather than looking at the big picture. My original boss said “… that I would have to deal with these folks the rest of my career and that there is a time to fight and a time to fold the cards….”  Even though you may be technically right, good management is knowing when, where and how to fight an audit. 

Post Audit best practices 

All audits should have a summary discussion or “wrap up” meeting between the claim organization’s leadership team and the audit team. Approach such a meeting with the idea that there is something to be gained from an open and honest discussion.  This may include indicating particular parts of the audit report in which you believe there may have been missed facts or a misinterpretation of some aspect of the claim management.  It is important to let the auditors know what specifically the issue is as it may have a significant impact on the overall audit results. 

Most auditors are generally willing to accept new information, with the proviso that the new information can be empirically verified or proved.  Usually it is worth the time to determine how the information was missed.  If there is new information to impart or share, present that information, not as a challenge to the findings, but in the interest of expanding the auditor’s awareness of an operational situation that may not have been readily available or evident during the examination.   

Auditors who operate in the spirit of fairness want to get the details right.  They will generally be willing to modify or edit a report so long as there is substantiating evidence to support changes.  The best way to approach the discussions around such changes is in a collaborative rather than challenging manner.   

After the audit your effort should be to carefully review the findings to determine if there were any substantive mistakes made by the auditor.  As a response, first acknowledge the correct findings, take responsibility for any failures and outline steps to make sure that those are not repeated. Then point out any material mistakes the auditor may have made.   

Be sure to agree on a sharing protocol with all of the constituencies involved in the process. Specifically agree on whether the employer or insured will receive the findings report.  

It is vital that any learning opportunities or knowledge transfer is shared within the claims operation for productive and constructive feedback. 

In conclusion 

  • Manage the audit process. 
  • Make sure that the results will be considered legally confidential and cannot be subpoenaed for outside mischief. 
  • Make sure it is focused on insuring accuracy of the financial information in the files. 
  • Make sure that it identifies any weaknesses (examiner, claims philosophy, administration and processes) 
  • Make sure the findings are accurate.  
  • Share the audit findings with those who performed the work (so they may improve their performance).  
  • Have an appropriate protocol for sharing the information within (and without) the organization.  
  • Do not over-react to audit findings. 
  • Re-visit any negative findings in the next audit to determine if claims behavior has changed. 
  • Embrace the audit.   

Rick Sabetta is the co-founder and Managing Principal of Risk Navigation Group, LLC, a national claim management advisory services firm based in New Jersey.  He can be reached at (973) 876 4254 or rsabetta@risknavigation.com 

Barry Bloom has executive business experience with private and public entities & quasi-governmental groups, spanning the healthcare, education, retail, manufacturing, staffing, trucking, banking, telecommunications, hospitality and high-tech industries. As a seasoned risk management consultant, Mr. Bloom couples this experience with his technical expertise in the fields of workers’ compensation, absence management and disability, group health benefits, liability and risk management information technology. He can be reached at The bdb Group (650) 400-1017 or bdbloom@comcast.net).