1

INTRODUCTION
A hospital is an institution for health care providing
treatment by specialized staff and equipments. Modernday hospitals are largely staffed by professional
physicians, surgeons and nurses.
Hospitals are set up to deal with many kinds of disease
and injury, and typically has an emergency ward to deal
with immediate threats to health and the capacity to
dispatch emergency medical services. A hospital is
typically the major health care facility in its region, with
large numbers of beds for intensive care and long-term
care; and specialized facilities for various surgeries.
Some hospitals are affiliated with universities for medical
research and the training of medical personnel and on the
other hand Clinics generally provide only outpatient
services.
A hospital may be a single building or a campus which
includes various wards classified as:
(a) A standard ward;
(b) A semi-private ward; or
(c) A private ward;
As the case may be, and in accordance with the
accommodation provided by the hospital and the
requirements in respect thereof set out in the
regulations. The rated bed capacity of any hospital
established for wards of each of the classes should be
appropriately examined and approved by the cost and
financial management department.

Laws Applicable to Audit of Hospitals:

Laws play a very vital role for smooth and
disciplinary functions followed by an enterprise. Also from
an audit point of view proper application of Laws in a
business/ professional environment sets a clean
impression about clients work which brings consistency
in the management as well. Besides, its very important
to keep a track of new amendments for not getting into
any discrepancy henceforth. However, further defaults (if
any) would lead to harsh consequences.
Operational standards for hospitals are to hold a
subsisting license as per law enacted for License
Registration.
Hospital rules and regulations.
The operator of a hospital shall enact and put into force
suitable general hospital by-laws and medical staff bylaws for example:
Indian Medicine Council Act 1956,
Consumer Protection Act,
Labour laws,
Drugs and Magic Remedies Act 1953,

License fees Act,

Act in relation to Waste Management

Supreme Court Judges (Salaries and Condition

of
services)
Act
1958
etc

Regulations and rules shall comply with any model

by-laws, regulations and rules, and directions or
guidelines, provided or approved as per prescribed
amendments.
The above Laws are enacted for:
(a) Prescribing the method and terms of admission
to the hospital;
(b) Setting out the duties and authority of the
officers and employees engaged in the operation or
administration of the hospital;
(c) Prescribing the scales of salaries and wages
payable to persons to whom clause (b) refers; and
Where the operator of a hospital is a corporation, the
by-laws, regulations, or rules shall be made by by-law
of the board of directors or other such managing
board or committee thereof.

Special Steps Involved in the Audit of a Hospital:

(1) Vouch the Register of patients with copies of bills
issued to them. Verify bills for a selected period with the
patients attendance record to see that the bills have
been correctly prepared. Also see that bills have been

issued to all patients from whom an amount was

recoverable according to the rules of the hospital.
(2) Check cash collections as entered in the Cash Book
with the receipts, counterfoils and other evidence for
example, copies of patients bills, counterfoils of dividend
and other interest warrants, copies of rent bills, etc.
(3) See by reference to the property and Investment
Register that all income that should have been received
by way of rent on properties, dividends, and interest on
securities settled on the hospital has been collected.
(4) Ascertain that legacies and donations received for a
specific purpose have been applied in the manner agreed
upon.
(5) Trace all collections of subscription and donations
from the Cash Book to the respective registers. Reconcile
the total subscription due (as shown by the Subscription
Register and the amount collected and that still
outstanding).
(6) Vouch all purchases and expenses and verify that the
capital expenditure was incurred only with the prior
sanction of the Trustees of the Managing Committee and
that appointments and increments to staff have been
duly authorised.
(7) Verify that grants, if any, received from the
government or local authority have been duly accounted
for. Also, that refund in respect of taxes deducted at
source has been claimed.

(8) Compare the totals of various items of expenditure

and income with the amount budgeted for them and
report to the Trustees or the Managing Committee
significant variations which have taken place.
(9) Examine the internal check as regards the receipt and
issue of stores: medicines, linen, apparatus, clothing,
instruments, etc. so as to insure that purchases have
been properly recorded in the Stock Register and that
issues have been made only against proper authorisation.
(10) See that depreciation has been written off against all
the assets at the appropriate rates.

INTERNAL CONTROL
Internal control is defined as a process effected by an
organization's structure, work and authority flows, people
and management information systems, designed to help

the organization accomplish specific goals or objectives.

It is a means by which an organization's resources are
directed, monitored, and measured. It plays an important
role in preventing and detecting fraud and protecting the
organization's resources, both physical (e.g., machinery
and property) and intangible (e.g., reputation or
intellectual property such as trademarks). At the
organizational level, internal control objectives relate to
the reliability of financial reporting, timely feedback on
the achievement of operational or strategic goals, and
compliance with laws and regulations. At the specific
transaction level, internal control refers to the actions
taken to achieve a specific objective (e.g., how to ensure
the organization's payments to third parties are for valid
services rendered.) Internal control procedures reduce
process variation, leading to more predictable outcomes.
AAS-6 issued by the ICAI deals with the study and
evaluation of Internal Control in connection with an Audit.
It defines Internal Control as All the policies and
procedures adopted by the management of a concern to
ensure the orderly and efficient conduct of its business.
The internal auditors and external auditors of the
organization also measure the effectiveness of internal
control through their efforts. They assess whether the
controls are properly designed, implemented and working
effectively, and make recommendations on how to
improve internal control. They may also review
Information technology controls, which relate to the IT
systems of the organization.

The system of internal control is the plan of the

organisation and all the methods and procedures adopted
by the management of an enterprise to accomplish the
following objectives:
a) Execution of transactions in accordance with
managements general or specific authorisation;
b)prompt and correct recording of all transactions so as
to enable preparation of financial information as per
recognised accounting policies and practices and
relevant legal requirements, if any, and to maintain
accountability of assets;
c) safeguarding of assets from unauthorised access,
use or disposition;
d)comparison of recorded assets with the existing
assets at reasonable intervals so as to enable
appropriate action in the case of any difference.

The effectiveness of internal control procedures

depends on the environment in which the internal control
system operates. But a strong environment with effective
budgetary and internal audit system may not necessarily
ensure an effective internal control system. The internal
control environment may be affected by the following
factors
a) Organisation structure, i.e., delegation of authority
and assignment of functions so as to facilitate the
working of the internal control system.

b)Management supervision, i.e., a regular review of the

adequacy of the internal control system with a view
to ensuring effective operation of all significant
controls. Internal audit system can also take care of
such review.
c) Personnel, i.e., competence and integrity of the
persons who are responsible for establishment and
operation of the internal control system.

Important Points to be Considered by an Auditor with

regard to Internal Control:
The auditor should review the accounting system and the
related internal controls to understand the flow of
transactions and the specific control procedures to
identify the controls which could be relied upon during
the audit, keeping in view the size of the enterprise and
the extent of controls. The review will be mainly by way
of enquiries addressed to personnel at various levels in
the enterprise, together with reference to documentation,
e.g., procedure manuals, flow charts, job descriptions,
etc. In a continuing engagement, knowledge about the
control procedures should be regularly updated.
A certain number of representative transactions should
be traced through the accounting system so as to

understand the system and the related internal controls.

Information relating to the internal controls may be
recorded by way of narrative descriptions, questionnaires
and flow charts, as the auditor deems appropriate.
Preliminary review should be based on the assumption
that the controls operate generally as described, and they
function effectively throughout the period of intended
reliance. The purpose of the review is only to identify the
specific controls which can continue to be relied upon.
The auditor may decide not to rely on any particular
controls because of their defective design or because the
effort required to test whether they are being complied
with, will not be commensurate with the reduction in
effort to be achieved by placing reliance on them.

Internal Control in a Hospital:

10

The two panels on the left represent the hospital

administration. The right-hand panel represents the
medical staff. For clarity, only a few of the many
departmental entries have been labeled in each panel.
Although the administration's exact departmental
grouping varies considerably with the size and type of
hospital, it basically consists of patient care services
(e.g., pharmacy), depicted in the middle panel, and
support services (e.g., accounting), depicted in the lefthand panel. As indicated in the right-hand panel, the
medical staff is usually divided into clinical services
according to the specialty branches of its member
physicians (e.g. cardiology).
INTERNAL CHECK / AUDIT
Internal auditing is a profession and activity involved in
advising organizations regarding how to better achieve
their objectives. Internal auditing involves the utilization

11

of a systematic methodology for analyzing business

processes or organizational problems and recommending
solutions. Professionals called internal auditors are
employed by organizations to perform the internal
auditing activity. The scope of internal auditing within an
organization is broad and may involve internal control
topics such as the efficacy of operations, the reliability of
financial reporting, deterring and investigating fraud,
safeguarding assets, and compliance with laws and
regulations.
Internal
auditing
frequently
involves
measuring compliance with the entity's policies and
procedures.
A hospital's internal audits increasingly should focus on
the clinical aspects of cost and payment. This scrutiny
can provide a better look at the efficiency of clinical
operations control and bottom line effect.
Four steps are involved in planning an operations audit:
First, background information (including regulations and
standards concerning pacemakers) should be obtained.
Flow charts and questionnaires can help explain various
administrative stages for acquisition handling and
charging.
Second, a set of preliminary objectives should define the
scope of an audit. An audit should review the financial
and operational issues involved in purchasing concepts,
control pricing, charging, and credit return. A hospital
audit should include justification for extended stays,
surgical management care, and protocol.
Third, an auditor should be familiar with an institution's
goals, objectives, organization, staffing, information

12

systems, performance standards, and written procedures.

A walk-through with the manager of each review area is a
good idea.
The final step is to devise a step-by-step audit program.

Performing an Audit,
For an analysis of charges and payments, a personal
computer can be used to establish databases from the
following source documents:
Accounts payable files by manufacturer;
Medical records and billing files by patient; and
Operational and surgical logs for implanting and
explanting.
The analysis should include sufficient data to draw
reasonable conclusions.
A hospital's medicine charges, found in its billing files,
can be compared to its medicine purchases, listed by
manufacturer or serial number. Bills should be separated
into charges versus payments received and recorded as
either profit or loss per patient.
Bill review computation or electronic method of
transmitting pacemaker data to third-party payers for
accuracy and timeliness of payments also should be
analyzed.

13

The next step involves determining whether surgical

implant charges are based on time, procedure, or both.
Charges should be consistent from patient to patient.
Price changes should be verified, and unadjusted profit
margin on price changes should be identified.
The unit price the hospital is paying should be examined
against the manufacturer's list price, with particular
attention given to discounts and bidding agreements.
To
avoid
MediClaim
fraud
and
abuse
issues,
manufacturers can be asked whether physicians are
receiving any form of commission or rebate for using a
particular brand of medicine. While a manufacturer is
unlikely to reveal a commission arrangement, inquiring
about it can help clear a hospital of liability in the event
of fraud or abuse charges.

FINANCIAL AUDIT
A financial audit, or more accurately, an audit of financial
statements, is the examination by an independent third
party of the financial statements of a company or any
other legal entity (including governments), resulting in
the publication of an independent opinion on whether or
not those financial statements are relevant, accurate,
complete, and fairly presented.
Financial audits are typically performed by firms of
practising accountants due to the specialist financial
reporting knowledge they require. The financial audit is

14

one of many assurance or attestation functions provided

by accounting and auditing firms, whereby the firm
provides
an
independent
opinion
on
published
information.
Many organisations separately employ or hire internal
auditors, who do not attest to financial reports but focus
mainly on the internal controls of the organization.
External auditors may choose to place limited reliance on
the work of internal auditors.
Financial audits exist to add credibility to the implied
assertion by an organization's management that its
financial statements fairly represent the organization's
position and performance to the firm's stakeholders
(interested parties). The principal stakeholders of a
company are typically its shareholders, but other parties
such as tax authorities, banks, regulators, suppliers,
customers and employees may also have an interest in
ensuring that the financial statements are accurate.
The audit is designed to reduce the possibility of a
material misstatement. A misstatement is defined as
false or missing information, whether caused by fraud
(including deliberate misstatement) or error. Material is
very broadly defined as being large enough or important
enough to cause stakeholders to alter their decisions.
The exact 'audit opinion' will vary between countries,
firms and audited organisations.

Stages of a Financial Audit:

15

A financial audit is performed before the release of the

financial statements (typically on an annual basis), and
will overlap the 'year-end' (the date which the financial
statements relate to).
The following are the stages of a typical financial audit:
Planning and risk assessment
Timing: before year-end
Purpose:

to understand the business of the company and the

environment in which it operates.
to determine the major audit risks (i.e. the chance
that the auditor will issue the wrong opinion). For
example, if sales representatives stand to gain
bonuses based on their sales, and they account for
the sales they generate, they have both the incentive
and the ability to overstate their sales figures, thus
leading to overstated revenue. In response, the
auditor would typically plan to increase the rigour of
their procedures for checking the sales figures.

Internal controls testing

Timing: before and/or after year-end
Purpose:

to assess the internal control procedures (e.g. by

checking computer security, account reconciliations,
segregation of duties). If internal controls are
assessed as strong, this will reduce (but not entirely

16

eliminate) the amount of 'substantive' work the

auditor needs to do (see below).

Substantive procedures
Timing: after year-end (see note regarding hard/fast close
below)
Purpose:

to collect audit evidence that the management

assertions (actual figures and disclosures) made in
the Financial Statements are reliable and in
accordance with required standards and legislation.

Methods:

where internal controls are strong, auditors typically

rely more on Substantive Analytical Procedures
(the comparison of sets of financial information, and
financial with non-financial information, to see if the
numbers 'make sense' and that unexpected
movements can be explained)
where internal controls are weak, auditors typically
rely more on Substantive Tests of Detail
(selecting a sample of items from the major account
balances, and finding hard evidence (e.g. invoices,
bank statements) for those items)

Finalization
Timing: at the end of the audit

17

Purpose:

to compile a report to management regarding any

important matters that came to the auditor's
attention during performance of the audit,
to evaluate and review the audit evidence obtained,
ensuring sufficient appropriate evidence was
obtained for every material assertion and
to consider the type of audit opinion that should be
reported based on the audit evidence obtained.

NON FINANCIAL AUDIT

Cost Audit:
Cost audit is defined as the verification of correctness of
cost records and check in the adherence to the cost
accounting plan. It is the audit of cost records. It is an
audit process for verification of the cost of manufacture
to utilization of material, labour and other items of cost
maintained by the company with the accepted principles
of cost accounting. Thus, cost audit is an audit of
efficiency. It is mainly a preventive measure, a guide for
management policy and decision, in addition to being a
barometer of performance of a company.
Management Audit:
Management Audit is The comprehensive examination of
an enterprise to appraise its organizational structure,

18

policies and procedures in order to determine whether

sound management exists at all levels, ensure effective
relationship with the outside world and internal
efficiency. Management Audit is concerned with review
of the past performance to ascertain whether it is in tune
with the objective, policies and procedures. It is a method
used to evaluate the efficiency of management at all
levels through the organization. Therefore, it is also called
an efficiency audit. It comprises the investigation of a
business by an independent body from the highest
executive levels downwards in order to ascertain whether
sounds management prevails throughout and to report as
to its efficiency.
Environment Audit:
Environment Audit is concerned with the verification of
performance of environment management systems to
control pollution and their efficiency to conserve the
environment. Conservation of environment extends not
only to control pollution of air and water, but also control
of noise level, prevention of denudation of forests and
maintenance of ecological balance.

Proprietary Audit:
Proprietary means that which meets the test of public
interest, commonly accepted customs and standard of
contract and particularly as applied to professional
performance, requirement of Government regulations and
professional codes. Proprietary audit would therefore

19

mean whether the transactions have been done in

conformity with established rules, principles, some
established standards, statutory regulations which meets
the tests of public interest.
Social Audit:
Social Audit is a technique for monitoring, appraising and
measuring the social contribution of business. It is a new
concept. It is a technique of finding out how the social
responsibilities are being discharged by a business unit. It
evaluates the performance of an enterprise in relation to
environment, consumer protection and community
services.