In August 2016, new Health and Human Services (HHS) Office of Inspector General (OIG) guidance was issued on Independent Review Organization (IRO) independence and objectivity. This new guidance follows the original guidance offered in 2004, prompted by inquiries from individuals and entities who were subject to Corporate Integrity Agreements (CIAs) regarding circumstances that might affect the independence of an IRO that performs CIA reviews.
Then, in 2007, the Government Accountability Office (GAO) updated its auditing standards, leading to an updated guidance from the OIG in 2010 to reflect those updated standards and additional types of IRO reviews included in CIAs, such as arrangements reviews, promotional and product services reviews, etc.).
This most recent guidance reflects the 2011 revisions to the GAO auditing standards and is a summary of the OIG’s views on the relevant principles that should be used to assess the independence and objectivity of an IRO that performs CIA reviews.
Summary of OIG’s Views on Applicable Independence and Objectivity Standards
The OIG has previously determined it to be appropriate to adopt the standards for auditor independence and objectivity that are set forth in the GAO Government Auditing Standards (December 2011 Revision), also known as the “Yellow Book.” The Yellow Book provides both ethical principles and general standards that apply to all types of IRO reviews performed under CIAs and that form the basis of the OIG’s requirements relating to independence and objectivity of the IRO.
Oftentimes, CIAs will require that each IRO used by the provider must furnish a certification that the IRO has evaluated its professional independence and objectivity with respect to the review being performed for the provider and that the IRO has concluded that it is independent and objective.
The Yellow Book provides that objectivity includes “independence of mind and appearance when providing audits, maintaining an attitude of impartiality, having intellectual honesty, and being free of conflicts of interest.” The concepts of objectivity are closely related and independence impairments impacts objectivity.
The Yellow Book requires that, in all matters relating to audit work, the audit organization and individual auditor remain independent. Independence comprises both independence of mind and independence in appearance. IROS must maintain independence so that their opinions, findings, conclusions, judgments, and recommendations are impartial, and viewed as impartial by the OIG.
The Yellow Book identifies two categories of threats to independence: (1) “self-review threat”: the threat that an auditor or audit organizations that has provided nonaudit services will not appropriately evaluate the results of previous judgments made or services performed as part of the nonaudit services when forming a judgment significant to an audit and (2) “management participation threat”: the threat that results from an auditor taking on the role of management or otherwise performing management functions on behalf of the entity undergoing the audit.
Services that Likely Would Not Impair the IRO’s Independence and Objectivity
The OIG has set forth examples of nonaudit services furnished by an IRO to an entity under a CIA that likely would not present an impairment to the IRO’s independence and objectivity with respect to the IRO performing a CIA review for that entity.
Some services that likely would not impair the independence and objectivity include services such as: IRO personnel furnishing general compliance training that addresses the requirements of the provider’s CIA and introduces employees to the provider’s overall compliance program; the IRO performs routine tasks relating to the provider’s confidential disclosure program, such as answering the confidential hotline or transcribing the allegations received via the hotline; and the IRO provides personnel to perform work plan procedures that are developed by the provider’s internal audit department and are not related to the subject matter of the CIA reviews.
Services that Likely Would Impair the IRO’s Independence and Objectivity
Likewise, the OIG set forth a list of examples of nonaudit services furnished by an IRO to an entity under a CIA that, if the IRO performed, would likely be considered an impairment of independence and objectivity.
Services that likely would have an impact on independence and objectivity include: a provider using a billing system or coding software that was developed or designed by the IRO and the IRO is being engaged to perform a claims review; the IRO participates in decision making relating to the confidential disclosure program, such as determining which allegations warrant further investigation or the appropriate corrective action to take in response to compliance allegations; or the IRO is engaged to provide consulting services to the provider during the term of the CIA on a matter that is related to the subject matter of the CIA reviews.
Professional Judgment and Competence
According to the Yellow Book, auditors should use professional judgment in all aspects of their professional responsibilities, including following the independence standards and related conceptual framework, maintaining objectivity and credibility, assigning competent staff to the audit, defining the scope of work, evaluation, documenting, and reporting the results of the work, and maintaining appropriate quality control over the audit process.