The opinions expressed in this presentation are those of the speaker. The International Foundationdisclaims responsibility for views expressed and statements made by the program speakers.

Auditing Health and Welfare Plans

Scott M. Price, CPAPrincipalBond Beebe, Accountants and AdvisorsBethesda, Maryland

P-ACCT5-1

Topics Covered

• Insured vs. Self insured• Analytical review• Use of claims auditor • Use of SOCI report• Planning and sample selection• Fraud

P-ACCT5-2

Types of Plans

• Funded plans• Self funded plans

– Fully self funded– Partially self funded

P-ACCT5-3

Comparison Between Fully Insured and Self Funded Plans

• Paid claims• Claims reserves • Inflation• Profit • Overhead• Risk • Margin

P-ACCT5-4

Comparison Between Fully Insured and Self Funded Plans

(continued)

Fully Insured Self-Funded

Inflation (Trend) In a conventional insured plan, the insurer requires the insured group to prepay projected inflation.

The plan pays actual inflation

Profit No insurance company can grow, or in fact, exist without profit; hence, it is a necessary cost of operation

The plan is providing anemployee health benefit program—its purpose is to provide savings versus profit.

Premium Tax The insurer must pay a premium taxto both state and the federal governments. The state tax is typically about 2.5% of the total insurance premium, but it varies by state. Health care reform added a new federal premium tax that is also about 2.5% of the total insurance premium.

Premium taxes are not assessed on self-funded plans

P-ACCT5-5

Comparison Between Fully Insured and Self Funded Plans

(continued)

Fully Insured Self-Funded

Risk Virtually all conventional insurers pool claims in excess of a given point. Theoretically, claims in excess of this amount are not charge to a specific group. The insurer applies an excess risk charge to all groups

The plan sponsor is responsible for all claims. To avoid exposure to catastrophic loss, the plan sponsor can purchase stop-loss coverage.

Margin Virtually all conventional insurers add a margin to their premiums in case their estimate of claims is too low.

The plan sponsor is responsible for all claims, so adding a margin to the budget may be advisable. However, no cash is disbursed until a claim is paid.

P-ACCT5-6

Health Care Funding

CorporationsPublic

Employers Multi

Employer Overall Fully Insured 40% 36% 22% 33%Fully Self Funded 11% 27% 20% 16%Self Funded w/Stop-Loss 49% 37% 58% 51%

P-ACCT5-7

Administration of Self Funded Plans

• Self administration • Administrative services only• Third party administrator

P-ACCT5-8

Why Audit Claims?

• IT’S REQUIRED! • Fraud risk factors• Probability of errors

– Most complicated portion of the audit– Audit procedures are unique

P-ACCT5-9

Benefit Payment Testing Alternatives

• Analytically • Control test• Substantive test

P-ACCT5-10

Benefit Payment Testing Objectives

• Payments in accordance with plan documentation?

• Payments made to or on behalf of persons entitled to them?

• Transactions recorded in proper account, amount and period?

P-ACCT5-11

Analytical Test of Claim Data

• What types of information do you need? – Detailed records of enrollments, including options

selected for the current and prior periods– Detailed accounting of types of procedures

performed, comparative of the prior period – Detailed cost information for the procedures

performed, comparative of the prior period– Information on number and types of catastrophic

illnesses (assuming no stop-loss insurance obtained by the plan)

• This is very difficult to perform on a self-insured plan.

P-ACCT5-12

Attributes of a Good Claims Auditor

• Experiences in claims processing• Must understand nature of the industry• Must understand the plan and the plan’s claims payment

process; how are the claims paid? • Must understand the nature of errors found

– Systematic – Manual

• Must understand the codes– What procedure was performed?– Why was the patient treated?

P-ACCT5-13

What Can Go Wrong in Claims Payments

• Plan provisions improperly applied• Claim payments not properly authorized• Payments are not recorded timely• Payment details are improper in the system• Payments made to ineligible participants • Fictitious or duplicate claims paid• Demographic data for eligibility is improper• Administrative fees are combined with claims

P-ACCT5-14

Claims Testing as a Test of Controls

• Never done in first year audit• Only done if you know your client well and you

do a walkthrough• Sample size, all random

– 40 if you expect zero errors– 60 if you expect two or less errors

• If number of errors exceed expected error rate then you cannot use the results

P-ACCT5-15

Claims Testing as a Substantive Test

• How many you need to test is based on:– Risk– Volume– Dollar value

P-ACCT5-16

Claims Testing as a Substantive Test (continued)

• Stratification lowers number of claims tested– High dollar value claims– High risk areas (e.g., surgical)– Denied claims

• How many to test?– 25 random to gain understanding – Small plan: 70-100– Large plan: 100-200– Government plan: 240

• Budget one hour per claim

P-ACCT5-17

Service Organization Control Reports (SOC 1 or SSAE 16) (formerly known as SAS 70 reports)

• Type 1 report – Design and

implementation – As of a specified date

• Type 2 report– Design and

implementation – Operating effectiveness– Use to reduce

substantive testing– Throughout a specified

period

P-ACCT5-18

Services Covered

• TPAs– Recordkeeping– Trust reporting– Plan testing– Information systems– Claims processing

• IT controls especially important

• Benefit programming and updates

• Investments– Purchases and sales

transactions– Investment income– Market valuation

P-ACCT5-19

Management’s Responsibilities

• Evaluate and monitor service organizations – Management should review SOC 1 report– User controls

• What are they?• Are they being followed?

P-ACCT5-20

Auditor’s Responsibilities

• Document understanding of control environment

• Identify all service organizations and sub-service organizations used by the plan

• Obtain and review the most recent SOC 1 report

P-ACCT5-21

Once SOC Report Is Obtained

• Is it appropriate (location, timing, services)

• Type 1 or Type 2• Review auditor opinion • Read the entire report• Document review and reliance

– AICPA has a documentation tool

• User control evaluation

P-ACCT5-22

What if There Isn’t a SOC 1 Report?

• Test controls in order to reduce substantive testing– SOC 1 cannot eliminate substantive testing– Consider the overall risk assessment in designing

substantive tests

• Rely solely on substantive testing– Claims are always a significant audit area with

significant risks – Carefully consider sample size and selection – Expected errors?

P-ACCT5-23

Health Claims Fraud—What’s Hot

• Group therapy—Mental health– Patients with dementia diagnosis in group therapy– Therapy appears to be for entertainment

• Control – Should “kick” claims to “SIU”– Data analytics

• Look for trends/plan limits

P-ACCT5-24

Health Claims Fraud—What’s Hot (continued)

• Rehab and employment fraud – Non-PPO facilities are attracting members for rehab treatments – Look for multiple members with the same address– Misrepresentation of care– Drug testing– Unbundling services of care

• Phantom clinics– Clinics registered using the same address

• Sober house– Recruiting kids to get them to sober up

P-ACCT5-25

Health Claims Fraud—What’s Hot (continued)

• Hernia surgery– Cover up for weight loss procedures

• Birthing centers – Can’t cover critical care procedures – Significant amount of up coding

• Bluelight.Org– Social media forum to share fraud schemes

P-ACCT5-26

Proposed Changes to 5500 for Health Plans

• New proposed Schedule J, Group Health Plan Information

• Schedule J requirements for larger plans:– Number of individuals receiving cobra coverage– Who is covered? – Whether plan has high deductible – Whether the plan is grandfathered– Information about rebates from service providers

P-ACCT5-27

Proposed Changes to 5500 for Health Plans (continued)

• Schedule J requirements for larger plans:– Premium payments and stop loss coverage– Employer and participant contributions– Claims payment information– Counts of claims approved and denied– Dollar amount of claims paid– Number of claims, appeals and results– Number of claims processed late

P-ACCT5-28

Website Resources

https://www.ifebp.org/inforequest/ifebp/0200006.pdf

P-ACCT5-29

2017 Educational ProgramsFund Professionals—Accountants

63rd Annual Employee Benefits Conference October 22-25, 2017Las Vegas, Nevadawww.ifebp.org/usannual

Accounting and Auditing Institute for Employee Benefit PlansJune 26-28, 2017San Diego, Californiawww.ifebp.org/accounting

Fraud Prevention Institute for Employee Benefit PlansJuly 17-18, 2017Chicago, Illinoiswww.ifebp.org/fraudprevention

Collection Procedures InstituteNovember 15-16, 2017Santa Monica, Californiawww.ifebp.org/collections

Related Reading

Payroll Auditing: A Guide for Multiemployer Plans,Second Edition | Item #7303 Visit one of the on-site Bookstore locations or see www.ifebp.org/bookstore for more books.

P-ACCT5-30