
Annual Risk Assessment Survey 2013

 
 
Please respond to the following questionnaire in order to assist Internal Audit and Enterprise Risk Management in Cambia Health Solutions’ annual enterprise risk assessment process. In addition, we may contact you to schedule a follow-up interview. The questionnaire results are used by Internal Audit to set the Audit Plan and by Enterprise Risk Management to develop and manage a comprehensive risk portfolio for the organization.

If you have any questions, please contact Anjie Vannoy via email at [email protected], or by phone at (503)276-1865, or Prakash Vanguri at [email protected], or at (503)225-6611.

 
 
First Name:
   
Last Name:
   
 
 
 
Section I
 
 
2013 Business Objectives:

1 Achieve Sustainable Total Health Care Costs Below Our Competitors.
2 Become Lighter on our Feet and Make it Easier to do Business with Us.
3 Grow in Target Segments without Significantly Reducing Financial Strength.
4 Continue to Diversify our Portfolio to Serve and Influence Health Care Stakeholders.
5 Drive a culture of innovation and engagement to achieve desired results.

In your opinion, what are the top three events or uncertainties that could impede Cambia’s ability to achieve our 2013 Business Objectives (listed above)? Please use this page to document one event or uncertainty; additional pages will be provided for the remaining events or uncertainties.
 
 
Describe the first event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Describe the second event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Describe the third event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Section II
 
 
In addition to the risks identified in Section I relating to our 2013 Business Objectives, please identify the top three events or uncertainties that could affect your specific department or division objectives in the next 18 months.
 
 
Describe the first event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Describe the second event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Describe the third event or uncertainty:
   
 
 
After providing your response, please select the appropriate risk category for this event or uncertainty.
 
Risk Category
Please select an option from the drop down menu below. After selecting an option, another drop down list will be displayed. Select the appropriate option from that list as well.
 
 
Inherent Risk refers to the Organization’s exposure to a risk event before any mitigation strategies are in place. This measure helps us understand the “true” impact an event has on the organization. Click on the available hyperlink to gain a better understanding of the Inherent Risk criteria.

Please rate your Inherent Risk below:


 
 
Please describe your rationale for the Inherent Risk rating:
   
 
 
Speed of Onset refers to how quickly the risk event and its consequences could materialize. Please rate the Speed of Onset below:

 
Business Process and Sub-Process
Please select an option from the Business Process drop down menu below where this event or uncertainty originates (if applicable). After selecting an option, a drop down list of Sub-Processes will be displayed. Select an appropriate option from that list as well.
 
 
Section III
 
For this next section, please answer the following questions based on your specific department/work area. This will allow Internal Audit and Enterprise Risk Management to obtain additional information on changes or assurance work that has occurred or will occur in the specified time periods. If you answer “Yes” to any of these questions, please provide further explanation or detail for your answer in the comment box that appears (e.g. details of reported fraud, specific changes that will occur, etc.).
Yes No
Are you considered a Subject Matter Expert (SME) in your area?
Have there been any changes to management (i.e. Supervisors and above) in the last 12 months?
Has there been reported fraud in the last 12 months?
Have there been any significant process or system changes in the last 12 months?
Are there significant changes planned for the next 18 months?
Have there been any reviews or investigations conducted in your area in the last 12 months?
Are there any major projects and/or dependencies with other departments that may affect your work area?
 
 
Section IV
 
 
Lastly, the following is the list of potential internal audits that will occur in the next 18 months. Please indicate for each audit if it is: 1) Valuable (i.e. we must do the audit), 2) Neutral (i.e. you don’t have an opinion or enough knowledge to provide input), or 3) Non-Priority (i.e. irrelevant at this time). If you respond as Non-Priority, then please provide a brief response explaining why.
 
 
 
Audit/Project Title: Accountable Health Systems (AHS) - Provider Strategy
Audit Objective: Analyze Cambia’s AHS strategy, including provider relationships and networking, and system capabilities
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Product Strategy Development
Audit Objective: Analyze Cambia’s product strategy, including product development and delivery, and system capabilities
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Distributed Project Management
Audit Objective: Analyze the management and control of projects
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Provider Contracting
Audit Objective: Review of policies, procedures, and controls related to provider contracting
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Facets Ancillary Application Security
Audit Objective: Review controls to restrict access to key applications that interface with Facets (e.g. CRM, PIMS, etc.)
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Cloud Information Security
Audit Objective: Assessment of security strategies and controls for data and information that is planned to exist in a “cloud” IT environment
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Gateway Email Tool
Audit Objective: Review controls to block inappropriate information from entering or leaving Cambia’s network
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Business Continuity Planning (BCP) & Disaster Recovery (DR)
Audit Objective: Assessment of BCP/DR documentation, planning and recoverability.
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Data Analytics & Information Flow
Audit Objective: Review strategies and controls to ensure critical information and data are provided completely, accurately, and in a timely manner
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: IT Governance
Audit Objective: Review enterprise procedures to control IT risks, promote sound IT practices across all levels, and create overall IT activity that reflects the needs and risk appetite of Cambia
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: ICD-10 (Project Audit)
Audit Objective: Assessment of progress, milestones, and deliverables of the ICD-10 project
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: DACE (Project Audit)
Audit Objective: Assessment of progress, milestones, and deliverables of the DACE project
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Exchanges (Project Audit)
Audit Objective: Assessment of progress, milestones, and deliverables of the Exchanges project
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Office of Civil Rights (OCR) HIPAA Hotspots
Audit Objective: Analyze privacy and security controls related to areas identified as “hotspots” by OCR (e.g. incident detection and response)
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Talent Management
Audit Objective: Assessment of procedures and controls to acquire, retain, and foster growth of human capital
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
Annual Required Audits
 
 
 
Audit/Project Title: Employee & Board Expenses
Audit Objective: Annual audit of expenses for compliance & fraud
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Outsourced Operations
Audit Objective: Annual audit of outsourced vendors and management of contracts/services
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Medicare Compliance & Operations
Audit Objective: Annual audit of Medicare compliance activities and operational controls
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Model Audit Rule (MAR)
Audit Objective: Annual audit of MAR testing and control deficiency analysis
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
 
Audit/Project Title: Trizetto
Audit Objective: Annual audit of Trizetto processes and controls
 
 
Audit Value:
Valuable Neutral Non-Priority
 
 
Please inform us of any additional suggested audits for 2013-2014 that you feel are necessary:
   
 
 
Please use the comment box below to add any additional thoughts or information that you feel is relevant for the 2013 risk assessment process.
   