In the summer of 2002, Congress reacted to the slew of corporate and accounting scandals of the time — the most notable being Enron — with a new law that aimed to establish transparency and accountability to corporations. Former Sen. Paul Sarbanes (D-Md.) and former Rep. Michael Oxley (R-Ohio) drafted legislation that set stricter standards and penalties for how U.S. public company boards and accounting firms handled their financials — better known as the Sarbanes-Oxley Act.
Although the Sarbanes-Oxley Act sets a framework for audit committees at public companies, it also contains elements that could and should be adopted by non-profit hospitals, says Mark Greenfield, JD, partner at Blank Rome in Los Angeles. In fact, some states, including California, have legislated some of the Sarbanes-Oxley Act requirements into law for large non-profit organizations.
Mr. Greenfield is also a board member of Cedars-Sinai Medical Center in Los Angeles, and he has been the chair of the hospital's audit committee for 10 years. Hospitals are complex organizations, and he says the bigger they are, the more Sarbanes-Oxley could pertain to them in how they structure their governance and utilize their audit committees.
"Cedars-Sinai has in excess of $2 billion in revenues, and it has more than 100 service lines," Mr. Greenfield says. "For an organization as large and complicated as Cedars-Sinai, it made sense to adopt and even embrace various governance features of Sarbanes-Oxley as important to us as they are with other companies affected by Sarbanes-Oxley."
Mr. Greenfield identifies six of the most important issues and shares best practices for hospitals organizing audit committees.
1. Members of management cannot be on the audit committee. One of the most important concepts behind Sarbanes-Oxley is accountability and transparency of the executive staff. Mr. Greenfield says in order for a hospital audit committee to be truly accountable, the members of the committee must have certain independence. Therefore, members of hospital management cannot sit on the audit committee.
However, having those parameters should not impede communication. The goal ought to be independence and transparency while also working together to resolve any issues. "The management of the hospital is not allowed to be member of audit committee itself, but we interface completely with management," Mr. Greenfield says. "Our CEO is an ex-officio member of the audit committee, and our CFO and vice president of finance attend all committee meetings. The idea is that we want to provide the opportunity for independent auditors working closely with the CFO and other executives to be able to feel comfortable, transparent and open with us."
2. Audit committee, not the board, must hire the external audit firm. When it comes time to hire an external, independent audit firm to audit the hospital's finances, that decision should fall squarely on the audit committee, not management, Mr. Greenfield says. The audit committee should also require the independent audit firm to change the lead audit partner every five years to avoid any potential conflicts of interest.
3. Hospital audit committees must keep their distance from the external auditors. Mr. Greenfield says the independent audit firm must work closely with both the audit committee and board of directors to complete the audit in a timely and accurate fashion, but it should only report to the audit committee. The basic underpinnings of Sarbanes-Oxley require these types of separate governance in order to uphold full financial integrity.
4. Embrace a robust internal audit function. Conducting an internal audit is not a provision of Sarbanes-Oxley, but Mr. Greenfield says it certainly could be a valuable management and board oversight tool that provides extra insight into the different sectors of the hospital's controls and adherence to established policies.
The audit committee should look at a wide array of "auditable" entities, especially those at high risk. For example, Mr. Greenfield suggests the audit committee focus on subcategories such as cash and collections, purchasing, contracts and any department that may have augmented financial risk.
Finally, when an internal audit is conducted, the involved parties must be sensitive to the fact that the people who are audited have other responsibilities. "Explain the value of what the internal audit is doing, but also recognize that we may initially be viewed as an intrusion," Mr. Greenfield says.
5. Work closely with hospital compliance. Mr. Greenfield says the Cedars-Sinai audit committee works very closely with the hospital's chief compliance officer to stay compliant with the myriad rules and regulations that apply to non-profit hospitals. The chief compliance officer should also have a presence at all audit committee meetings.
6. Monitor conflicts of interest. Audit committees should never lose sight of their overarching purpose, which is to make sure the hospital or health system stays financially honest and monitors all financial matters with a close eye. Mr. Greenfield says at Cedars-Sinai, the audit committee collects and reviews conflict-of-interest questionnaires that go out to medical staff, management and all board committee members to make sure the financial integrity of the institution lines up with the integrity of its employees. "If we're vigilant, any conflict issues that arise can be managed and resolved in all cases," Mr. Greenfield says.
Although the Sarbanes-Oxley Act sets a framework for audit committees at public companies, it also contains elements that could and should be adopted by non-profit hospitals, says Mark Greenfield, JD, partner at Blank Rome in Los Angeles. In fact, some states, including California, have legislated some of the Sarbanes-Oxley Act requirements into law for large non-profit organizations.
Mr. Greenfield is also a board member of Cedars-Sinai Medical Center in Los Angeles, and he has been the chair of the hospital's audit committee for 10 years. Hospitals are complex organizations, and he says the bigger they are, the more Sarbanes-Oxley could pertain to them in how they structure their governance and utilize their audit committees.
"Cedars-Sinai has in excess of $2 billion in revenues, and it has more than 100 service lines," Mr. Greenfield says. "For an organization as large and complicated as Cedars-Sinai, it made sense to adopt and even embrace various governance features of Sarbanes-Oxley as important to us as they are with other companies affected by Sarbanes-Oxley."
Mr. Greenfield identifies six of the most important issues and shares best practices for hospitals organizing audit committees.
1. Members of management cannot be on the audit committee. One of the most important concepts behind Sarbanes-Oxley is accountability and transparency of the executive staff. Mr. Greenfield says in order for a hospital audit committee to be truly accountable, the members of the committee must have certain independence. Therefore, members of hospital management cannot sit on the audit committee.
However, having those parameters should not impede communication. The goal ought to be independence and transparency while also working together to resolve any issues. "The management of the hospital is not allowed to be member of audit committee itself, but we interface completely with management," Mr. Greenfield says. "Our CEO is an ex-officio member of the audit committee, and our CFO and vice president of finance attend all committee meetings. The idea is that we want to provide the opportunity for independent auditors working closely with the CFO and other executives to be able to feel comfortable, transparent and open with us."
2. Audit committee, not the board, must hire the external audit firm. When it comes time to hire an external, independent audit firm to audit the hospital's finances, that decision should fall squarely on the audit committee, not management, Mr. Greenfield says. The audit committee should also require the independent audit firm to change the lead audit partner every five years to avoid any potential conflicts of interest.
3. Hospital audit committees must keep their distance from the external auditors. Mr. Greenfield says the independent audit firm must work closely with both the audit committee and board of directors to complete the audit in a timely and accurate fashion, but it should only report to the audit committee. The basic underpinnings of Sarbanes-Oxley require these types of separate governance in order to uphold full financial integrity.
4. Embrace a robust internal audit function. Conducting an internal audit is not a provision of Sarbanes-Oxley, but Mr. Greenfield says it certainly could be a valuable management and board oversight tool that provides extra insight into the different sectors of the hospital's controls and adherence to established policies.
The audit committee should look at a wide array of "auditable" entities, especially those at high risk. For example, Mr. Greenfield suggests the audit committee focus on subcategories such as cash and collections, purchasing, contracts and any department that may have augmented financial risk.
Finally, when an internal audit is conducted, the involved parties must be sensitive to the fact that the people who are audited have other responsibilities. "Explain the value of what the internal audit is doing, but also recognize that we may initially be viewed as an intrusion," Mr. Greenfield says.
5. Work closely with hospital compliance. Mr. Greenfield says the Cedars-Sinai audit committee works very closely with the hospital's chief compliance officer to stay compliant with the myriad rules and regulations that apply to non-profit hospitals. The chief compliance officer should also have a presence at all audit committee meetings.
6. Monitor conflicts of interest. Audit committees should never lose sight of their overarching purpose, which is to make sure the hospital or health system stays financially honest and monitors all financial matters with a close eye. Mr. Greenfield says at Cedars-Sinai, the audit committee collects and reviews conflict-of-interest questionnaires that go out to medical staff, management and all board committee members to make sure the financial integrity of the institution lines up with the integrity of its employees. "If we're vigilant, any conflict issues that arise can be managed and resolved in all cases," Mr. Greenfield says.
Related Articles on Hospital Finance:
The Uninsured and Net Returns: Q&A With DeKalb Medical CFO Diane Harden
5 Common Accounting Blunders Hospitals Can Avoid
7 Best Practices for a Smooth Hospital Tax Process