If the host of Family Feud asked contestants to name something everyone dreads, “a visit from the auditor” would likely be the answer next to “a trip to the dentist.”
Due to the massive (and ever-growing) list of compliance regulations, health maintenance organizations and other companies are finding themselves in the auditor’s crosshairs more often these days.
In a perfect world, you’d know exactly when the auditor is going to show up, and what he or she will ask of you. Everything would be easy, with your data at your fingertips ready to prove your compliance.
Sadly, the real world is not like that, but there are ways to minimize problems when the auditor comes.
Eliminate complexity by consolidating data
If your IT infrastructure is set up in silos and you have a separate administrator for every platform, you would have to ask each of those administrators to perform a search and query when the auditor asks which data a particular employee has access to, and how he or she received that access.
How many systems or applications can you currently access? Personally, I count nine just off the top of my head. That means that at least nine administrators have to stop what they are doing and run a search to see if I have access. Then, they have to look through their event logs to determine how I got it.
Also, I know that more than nine different applications exist in my organization, so the administrators for those apps would also have to search to show that I am NOT able to access their applications. It would be much easier if all data was stored in one searchable database so that nine people or more won’t be required to answer that single question.
Get the auditor out of the office as quickly as possible
No, I do not mean faking a contagious illness and forcing the auditor out of the building. Have all the data easily accessible and searchable so that you do not need to keep the auditor waiting while you search for the proverbial needle in a haystack.
If you’ve consolidated your identity and access data in one location and can search it to quickly produce the report the auditor needs, that person can leave the office sooner.
Provide the auditor access to run reports
Assuming you have followed the first two points, you have now consolidated your identity and access data in one location, and you have the ability to search it quickly for the info the auditor wants to see.
So, why not cut out the middleman and provide a safe access portal for the auditor to get this information? If you can provide that person access to help run queries and produce reports, no damage is done and it shows you have nothing to hide.
Play the role of auditor to find errors before he does
Finding you have a compliance violation is never fun, but discovering it during an audit is even worse because it leaves you scrambling in front of the auditor to fix something you missed.
Why not run some reports ahead of time? For example, if you know the auditor is coming to evaluate how your organization adheres to certain requirements, run some reports specific to those requirements and see how you stack up. That way, if you find an error or violation, you can take action to address it before your audit starts.
Think of it this way: when something goes wrong in your department, it is better if you can say, “I discovered this problem and I have already taken steps to fix it.” Or would you rather be caught off guard when the auditor discovers something wrong and tells you, your boss or other people?
Proving compliance is not necessarily fun. I have yet to meet children who say they want to audit organizations for compliance violations when they grow up. However, your experience with the auditor does not have to be on par with a trip to the dentist, either. Follow the above steps and you can make your next audit a fast, efficient and potentially rewarding experience.