
ERP Concepts Assignment

MIDWEST HEALTH SYSTEM: INFORMATION SYSTEM RISKS AND CONTROLS

Uploaded by

Ehsan Danish

Course Title: Corporate Information System

Module 1: ERP Concepts


Submitted to: Dr. Ammar Aftab
Assignment No. 1
Submitted by: Group No. 6
• Hummad Ahmed Usmani F2022374005
• Komal Irshad F2022374004
• Raviha Maham F2022374007
• Ahmer Shabbir F2022374008
• Aqsa Sial F2022374021
• Ambreen F202237015
• Ehsan Danish F202237024

MIDWEST HEALTH SYSTEM: INFORMATION SYSTEM RISKS AND CONTROLS


Quiz 1:
Identify all IT General Control (ITGC) Risks as well as possible controls to
mitigate those risks. Use the completed rows in case Exhibit 7 as a guide.
Add as many rows in each section as necessary. Please include a
completed version of case Exhibit 7 with your submission.

Area, Activity or Process: Registration of Patient in McKesson STAR System
Risks of Errors or Fraud: Outstanding/pending invoices on the part of the patient on account of previous treatment charges, which are required to be recovered from the Public/Private Insurance Company or from the patient himself/herself.
Possible Controls to Mitigate Risks: If there is a pending payment against any patient on account of Midwest Health System, then an alarm/flag needs to be triggered/generated. The first claim against the pending payment needs to be recovered prior to entry of new service codes. Also, a penalty needs to be imposed on such delayed payments. Through this, Midwest Health System will prevent theft/fraud and increase its revenues.

Area, Activity or Process: Regulations and Compliance weekly audit
Risks of Errors or Fraud: The second biggest concern of Midwest Health System is ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA); however, no IT Control exists for such confirmation. Further, it needs to be checked continuously that Midwest Health System practices meet federal, state and industry regulations.
Possible Controls to Mitigate Risks: An IT Solution needs to be developed which will continuously ensure the HIPAA compliance requirements are met. A penalty will be imposed on any department/section violating or bypassing the regulations. While developing this IT Solution, all the HIPAA compliance requirements and State regulations will be fed into the Software, and after implementing proper checks it will be ready for use.

Area, Activity or Process: Charging of Insurance Companies
Risks of Errors or Fraud: Insurance companies are doing their marketing (explaining benefits to Midwest's patients) free of cost.
Possible Controls to Mitigate Risks: Insurance Companies need to be charged, as they are advertising and are getting profit based on this advertisement. A Financial IT System needs to be installed for the necessary deductions.

Area, Activity or Process: Utilization plan of Financial Counselling Personnel
Risks of Errors or Fraud: The utilization plan of Financial Counselling Personnel needs to be optimized to minimize the total number of Human Resources creating a burden on the revenue of Midwest Health System.
Possible Controls to Mitigate Risks: An HR Information System needs to be developed for a better utilization plan of Financial Counselling personnel.

Quiz 2:
Identify all application risks and possible application controls related to
the billing and collection cycle. Add as many rows as necessary. Use case
Exhibit 7 as a guide. Please include a completed version of case Exhibit 7
with your submission.

Area, Activity or Process: Entry of Health Care Services in CCPOE & McKesson Star System
Risks of Errors or Fraud: When Health Care Services are entered in CCPOE & McKesson Star System, there is a probability of missing an entry, resulting in a loss of revenue for Midwest Health System.
Possible Controls to Mitigate Risks: Verification needs to be done after entry of Service Codes. This can be done by an IT Verification System which will compare services rendered with their allocated codes. For that, a service master data sheet needs to be prepared.

Area, Activity or Process: Regular Maintenance of Change Log
Risks of Errors or Fraud: Changes in applications/systems are not recorded, which results in uncertainty in the minds of users.
Possible Controls to Mitigate Risks: All modifications in applications/systems need to be recorded, and notices of modification need to be circulated to Users so that they do not suffer any hindrance while working after a change in the Information System.

Area, Activity or Process: Insurance/Service Charges Variance Analysis
Risks of Errors or Fraud: If the Service Charges exceed the Insurance Cover, then an Advance Beneficiary Notice is generated for the patient for the amount which needs to be paid by him, but there is a risk that the amount mentioned in the Beneficiary Notice is not correct.
Possible Controls to Mitigate Risks: Cross Verification is also required to check for any mismatch in the value which needs to be paid by the patient on account of Service charges of the Health System not covered by the Insurance Company.

Quiz 3:
Identify at least three residual risks and a possible control for each.

Area, Activity or Process: Registration/Service code entry of Emergency patient
Risks of Errors or Fraud: The majority of patients are emergency patients rather than inpatients and outpatients. Hence, due diligence is required in recording the entry/rendered services against Emergency patients, as there is a possibility that they may be left uncharged.
Possible Controls to Mitigate Risks: A Scanner can be installed at the Emergency Room, as every emergency patient enters through the Emergency Room. This Scanner will scan the patients and will generate a serial number against each patient. This serial number will be eliminated once dues are paid against this serial number.

Area, Activity or Process: Standardized and legible entry of Health Care Services in CPOE
Risks of Errors or Fraud: There is a possibility that, because of the illegible handwriting of the Physician, the Data Entry Operator might add a different transcription/dose/test in Cerner computerized physician order entry (CPOE), which may cause a harmful effect on the patient as well as loss of revenue for Midwest Health System.
Possible Controls to Mitigate Risks: Before drugs, doses, routes and frequencies are communicated to Pharmacy, Laboratory or Radiology, the Physician needs to verify this communication with an e-signature.

Area, Activity or Process: Transparency in Charity
Risks of Errors or Fraud: There might be a chance that a patient not qualified for charity/financial support was able to secure such a grant.
Possible Controls to Mitigate Risks: An IT Audit System needs to be developed which should properly assess the financial condition of the patient.

Quiz 4:
For each recommended control, list at least one test of operating
effectiveness. Use the completed rows in case Exhibit 8 as a guide. Please
include a completed version of case Exhibit 8 with your submission.

Area, Activity or Process: Registration of Patient in McKesson STAR System
Possible Controls to Mitigate Risks: If there is a pending payment against any patient on account of Midwest Health System, then an alarm/flag needs to be triggered/generated. The first claim against the pending payment needs to be recovered prior to entry of new service codes.
Possible Test of Control: We can take one patient whose dues are pending and another patient who has no outstanding dues, run a test, and check whether an alarm is generated for the patient whose dues are pending. Similarly, we will observe the case for the patient whose dues were already cleared. In that case no alarm should be generated.

Area, Activity or Process: Entry of Health Care Services in CCPOE & McKesson Star System
Possible Controls to Mitigate Risks: Verification needs to be done after entry of Service Codes. This can be done by an IT Verification System which will compare services rendered with their allocated codes. For that, a service master data sheet needs to be prepared.
Possible Test of Control: We will make wrong entries and then check whether the system is able to capture them or not.

Area, Activity or Process: Insurance/Service Charges Variance Analysis
Possible Controls to Mitigate Risks: Cross Verification is also required to check for any mismatch in the value which needs to be paid by the patient on account of Service charges of the Health System not covered by the Insurance Company.
Possible Test of Control: A case in which a differential needs to be paid by the patient will be used as a test run to check whether the exact differential that needs to be paid by the patient is captured or not.

Area, Activity or Process: Registration/Service code entry of Emergency patient
Possible Controls to Mitigate Risks: A Scanner can be installed at the Emergency Room, as every emergency patient enters through the Emergency Room. This Scanner will scan the patients and will generate a serial number against each patient. This serial number will be eliminated once dues are paid against this serial number.
Possible Test of Control: For a trial, a large number of Emergency patients will be entered in the Emergency Room and it will be checked whether the scanner is able to generate a serial number against each patient or not.
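
As an added illustration (not part of the original assignment or of any Midwest Health System software), the verification control for service-code entry and its test of operating effectiveness can be sketched as a reconciliation of services rendered against the charge codes entered. The service names, charge codes and patient IDs below are constructed assumptions.

```python
from collections import Counter

# Constructed service master data sheet: service rendered -> allocated charge code.
SERVICE_MASTER = {
    "chest x-ray": "RAD-0101",
    "cbc panel": "LAB-0205",
    "iv antibiotic": "PHA-0310",
}

def reconcile(orders, charges, master=SERVICE_MASTER):
    """Compare services rendered with the charge codes actually entered.

    orders:  (patient_id, service) tuples, e.g. exported from order entry
    charges: (patient_id, charge_code) tuples, e.g. exported from billing
    Returns a sorted list of (patient_id, item, finding) exceptions.
    """
    findings, expected = [], Counter()
    for patient, service in orders:
        code = master.get(service.strip().lower())
        if code is None:
            findings.append((patient, service, "service not in master"))
        else:
            expected[(patient, code)] += 1
    entered = Counter(charges)
    valid_codes = set(master.values())
    for patient, code in set(expected) | set(entered):
        want, got = expected[(patient, code)], entered[(patient, code)]
        if code not in valid_codes:
            findings.append((patient, code, "unknown charge code"))
        elif got < want:
            findings.append((patient, code, "missing charge"))
        elif got > want:
            kind = "duplicate charge" if want else "charge without order"
            findings.append((patient, code, kind))
    return sorted(findings)

def seeded_test_of_control():
    """Test of control: feed deliberately wrong entries, return what is caught."""
    orders = [("P1", "Chest X-Ray"), ("P1", "CBC Panel"), ("P2", "IV Antibiotic")]
    charges = [
        ("P1", "RAD-0101"),                      # correct entry
        ("P2", "PHA-0310"), ("P2", "PHA-0310"),  # seeded duplicate
        ("P2", "LAB-9999"),                      # seeded wrong code
    ]                                            # P1's CBC panel: seeded omission
    return reconcile(orders, charges)

if __name__ == "__main__":
    for finding in seeded_test_of_control():
        print(finding)
```

The control is operating effectively only if every seeded error appears in the exception list and a fully matching set of entries produces no exceptions.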

Quiz 5:
Do you agree with the Audit team’s conclusion that the only significant
areas of concern in ITGCs are access security and change management?
Please explain why other areas of general controls do or do not present
significant risks. Explanation should include a discussion of strength and
weakness of existing controls.
Access Security & Change Management are significant risks that need to
be areas of concern:
Access Security:
Digitalized healthcare solutions have enhanced efficiency as well as increased the survival rate of human beings. During COVID-19, health care units shifted their services, operations and patient consultancy to mobile applications in real time. Health care applications contain important patient data, which may lead to security threats, as many people do not have authentic software available on their mobile devices. This gives hackers an edge to steal that data. Private and government hospitals use digital machines for different purposes. These machines are a prominent asset for detecting diseases and carrying out procedures. Those machines contain personal and financial data, which can attract potential cyberhackers. To prevent these types of issues, hospitals should use updated software and carry out regular maintenance.
Change Management:
IT transformation always carries a set of challenges that need to be addressed proactively:
• Misalignment on ambitions: Unrealistic, non-syndicated target setting (e.g., synergies/savings to be achieved) results in disappointment and loss of trust.
• Fear of the unknown: Employees are typically resistant to change and tend to reject any alterations to their comfort zone and current modus operandi, or slow them down.
• Lack of visibility: Failing to communicate changes invites confusion, frustration and rumors, and increases disruptions. Managers are generally wary of new solutions as they fear losing power or even their positions.
The five-stage approach to integrating change management activities seamlessly during transformation is: Initiate; Understand & set the strategy; Design change solution; Implement change solution; Assess change management approach.

Other areas of general controls which present significant risks are:


Alignment of IT Goals with Strategic Goals:
IT always has a strategic position in any organization. There must be an IT Steering
Committee in every organization which must review Feasibility Study Reports, Pre-
Implementation Project Review Report & Post Implementation Project Review Report
of any small or mega IT Project.
Disaster Recovery Plan:
For timely recovery of its processing capability in case of system failure or a
catastrophic event there must be some Disaster Recovery Plan (off site storage of
both plan and data files).

Quiz 6:
Assess the overall risk of the billing and collection process, taking into
consideration your answers to the previous questions. In your report’s
concluding section, you must include a statement explicitly stating your
overall risk assessment. Please attach your complete version of case
Exhibit 7.

OVERALL RISK ASSESSMENT


It has been observed that different applications/systems are in use instead of one single Integrated Software Solution. Patient information for registration purposes is entered into the McKesson STAR System; however, the Health Care services provided to the patient are entered in Cerner Computerized Physician Order Entry (CPOE), which is a separate system. Physicians are entering the financial side of their medical records in Professional Electronic Health Record and Professional Management, which are separate IT Systems. Diagnosis Related Group (DRG), which classifies various hospital services, is a different software. For Contract Management the Pro-Con Module is being used. For radiation oncology services Varian is used, and PeopleSoft is being used for general ledger, payroll and inventory management. Hence, instead of one Integrated Solution, different software applications are being used, which makes the system less reliable, more complex, error prone and more costly (as maintenance licenses are being paid for multiple software) and creates redundant work (duplication of entries).
Conclusion:
All the identified risks and their desired controls, including but not limited to registration of Patient in McKesson STAR System and separate Entry of Health Care Services in CCPOE & McKesson Star System, nonadherence to Regulations and Compliance, non-utilization of Insurance Companies' profit, the resource allocation plan of Financial Counselling Personnel, and loss of revenue linked with wrong entries in Insurance/Service Charges, are because of the usage of different applications/systems instead of one Integrated Software Solution.

Quiz 7:
What course (s) of action do you recommend Nelson take, based on your
analysis of identified risks and suggested controls?
Nelson, Chief Information Officer (CIO) of Midwest Health System, has his team using multiple applications/software. These include the McKesson Star System for patient registration and entry of patients' service codes; it also has an EC200 Module which functions as a claim administrator. Some of the charges (Room Charges, Physical Therapy Charges, Manually Priced Item Charges, Surgery Implant Charges) are added in the McKesson Star System. Direct Charges, Pharmacy Charges, Lab Charges and Surgery Charges are added in Cerner Computerized Physician Order Entry (CCPOE). ProCon is used for Contract Management, Nebo Passport is used for Financial and Insurance Analysis, Varian is used for Radiation Treatment/Documentation and PeopleSoft is used for Supply Chain & General Ledger. Despite the presence of all this software, Physicians are entering their financial data in Professional Electronic Health Record and Professional Management.
Because so many software applications are present, there is a possibility of losing track of pending invoices, duplicating service charges or missing an entry of service charges, losing track of charity, a mismatch in the differential amount which needs to be paid by the patient because the insurance company has limitations, ambiguity regarding payment by patients in emergency, and many others.
Mr. Nelson needs to employ an Integrated Software Solution instead of sticking to a web of complex software applications for different tasks. Further, not bringing in an integrated software application can be a hindrance to the company's growth. An Integrated Software Solution can provide the following advantages:
1. Simplified decision making
2. Reduction in IT Cost
3. Increased productivity
4. More reliable data
5. Enhanced analysis
6. Improved data security

One Integrated Software Solution is ERP (Enterprise Resource Planning). ERP is a type of software system that helps organizations automate and manage core business processes for optimal performance. ERP integrates all business processes into a single system to provide analytics and efficiency for better decision making. SAP (System Application & Product) is a software development corporation that provides ERP software solutions in the market. The following SAP ERP Functional Modules can be used instead of the above-mentioned multiple applications:

Existing Software Applications: McKesson Star System; Cerner Computerized Physician Order Entry (CCPOE); Nebo Passport
SAP ERP Module: Financial Accounting & Controlling (SAP FICO)

Existing Software Application: ProCon
SAP ERP Module: Material Management (SAP MM)

Existing Software Application: PeopleSoft
SAP ERP Module: Sales & Distribution (SAP SD)

Existing Software Application: Varian
SAP ERP Module: Quality Management (SAP QM)

Additional Benefits:

1. Midwest Health System is a system of 6,000 team members and volunteers staffed by nearly 1,000 physicians and is providing a stable job to the majority of them. The Human Capital Management (HCM) Module of ERP can be implemented for recruitment, payroll, training management and organization management of Midwest Health System. Further, the issue of utilization of Financial Counselling Personnel can be resolved by this ERP Module.

2. Midwest Health System comprises 1,000 hospital beds; hence the Plant Maintenance Module (SAP PM) can be used for its Asset Management.
