Preparing for a Financial Statement Audit in Healthcare

A first-time financial statement audit is a significant milestone for any organization – and can be especially daunting for healthcare companies, which often must deal with additional regulatory requirements, entity structure and consolidation complexities, and other complicated accounting matters. Moreover, the results of an audit can have significant implications for a healthcare company’s reputation, funding, and stakeholder relationships. To aid an efficient audit and minimize the risk of unforeseen and costly overages, it’s essential for healthcare companies to know what to expect and how best to prepare.

Plan with future milestones in mind

A healthcare company with a first-time audit on the horizon might see audit completion as the end goal. In reality, events that give rise to an audit requirement often bring about many more obligations further down the road. A company going through an audit to satisfy lender requirements often must adhere to additional covenants such as satisfying certain financial ratio requirements or providing cash flow forecasts and other financial reports.

While a company prepares to meet the conditions of an audit, it also should be preparing for more rigorous future requirements. As management invests time and resources into preparing for and executing the audit, it also should think about the organizational infrastructure and processes needed to support covenant requirements – often a condition of obtaining financing – and further growth. A disorganized accounting system requiring significant manual intervention is unlikely to be sustainable long term – and issues will only become magnified as a company continues to scale up.

Don't delay readiness

Even if an audit isn’t imminent, companies should consider investing in the accounting function to help drive operational efficiencies and higher-quality financial reporting – in turn allowing management to make better decisions based on more accurate data. On the other hand, poor accounting practices and inaccurate data could prematurely close doors if a company is undervalued, or they might lead to unpleasant surprises if it is overvalued.

Exit opportunities likely will hinge on the completion of an audit, often within a tight time frame. Proactive preparation can help companies quickly pivot and take advantage of any opportunities that might come their way.

Consider entity structures and consolidation

Different entity structures give rise to different reporting conclusions. Management should carefully consider the organization’s reporting structure given a significant deal structure and tax implications.

It’s common for healthcare entities – specifically, practice entities – to use a “friendly doctor” structure to meet regulatory ownership requirements. As part of an acquisition, a management services organization (MSO) might get involved to facilitate ownership. Different state-level regulations governing the corporate practice of medicine can present additional complexities if an entity has a physical presence or conducts telemedicine operations in multiple states.

Companies should consider the implications of how a transaction is structured, as the ownership can influence the ultimate consolidation and tax filings, even if the MSO does not have legal ownership but otherwise has control of the organization.

Get accounting up to standard

A healthcare organization undergoing a first-time audit might need to make significant changes to ensure that its teams are prepared and its processes are robust enough to produce the necessary deliverables. Instead of relying on substantial manual intervention and adjustments just to produce a trial balance that balances, an organization with strong processes will be able to quickly and efficiently generate the necessary reports alongside complete and accurate underlying data. In order to develop these processes, it can be helpful to start building toward a tighter month-end close deadline with smaller quantifiable changes.

The road to a more automated close and a tighter close timeline begins with small, quantifiable changes. Healthcare organizations can start this journey by thinking about implementing the following changes.

1. Build out the close calendar. Maintain a detailed schedule for the close process, compiling a list of each expected set of journal entries, estimated completion time, entry owner, and dependencies both within and outside of the finance functions. Establish key preparation and review deadlines to facilitate close completion. As the organization matures, consider implementing additional processes and tasks to improve the sophistication of the month-end close. For example, the implementation of postclose account reconciliations and uniform required documentation can help support a higher-quality close process. In addition, an early close for certain transactional systems – such as accounts payable or fixed assets – can allow for an earlier start on other key accounts and entries.
2. Focus on accrual accounting. Instead of waiting for all information to be finalized to close the books, use accruals to estimate current-period values. This can expedite the close process with minimal impact to accuracy and allow for earlier completion of challenging entries. Establish a uniform methodology – including where information will come from, how the estimated accrual will be calculated and documented, and how accruals will be tracked for reversals or true-ups. For regular vendors, consider tracking regular billings, potentially with the assistance of individuals who manage specific vendor services outside of the finance function.
3. Gather feedback and focus on continual improvement. Schedule postclose meetings so the team can debrief and discuss what went well and what might be improved. Identify specific points of improvement and develop an action plan and an expected timeline for each.
4. Strengthen relationships outside of the finance function. As a company scales, it becomes even more important to build relationships outside of the finance team to facilitate stronger financial reporting and create an overall culture of compliance throughout the organization. Weak relationships with key individuals outside of the finance function can lead to surprise expenses and inaccurate forecasts if these individuals don’t recognize the importance of proactive communication with the finance team. Finance personnel can help facilitate these relationships by positioning themselves as trusted advisers within the organization.



Align with the auditor on schedule and expectations

Audit preparation typically must be completed in a limited time window, with hard deadlines often driven by lender reporting requirements or partnership tax return deadlines. It’s critical for a healthcare organization and its auditor to commit to a realistic but efficient timeline that works for both the organization and the auditor.

Depending on the ultimate purpose of the audit, its objectives and timeline might not align. Organizations should ensure that they clearly discuss and agree with their auditor on scope, objectives, and expectations of the audit as well as deliverables and deadlines.

Organizations undergoing an audit should be aware of the services that an audit firm may, and may not, provide. A firm’s role in providing assurance services limits its ability to assist in certain matters, such as helping with purchase accounting and related valuation work, due to independence requirements.

Ensure the team has the capacity to accommodate audit activities – and evolving day-to-day responsibilities

An audit can be time-consuming and highly demanding, requiring a significant time investment and collaboration from members of an organization’s finance, accounting, and operational teams. Once the timeline and objectives of an audit have been established, management should assign clear roles and responsibilities to each team member and provide them with the necessary training and guidance. Management also should plan for any potential disruptions or delays that might affect normal operations during the audit period.

In addition, accounting teams will need to prepare for the increased accounting complexity that private equity investment often brings. Management might want to consider engaging a third party to assist or advise on technical accounting matters that could arise from private equity investment, such as acquisitions, variable interest entities, and profits interests.

A lack of audit readiness can have significant consequences for a company seeking new investors or an acquirer. Ineffective processes and a lackluster control environment can lead to a disconnect between the company’s operations and its financial representation. Poor accounting practices could give rise to inaccurate quality of earnings or assets analyses, which would in turn misrepresent a company’s financial position to potential investors or acquirers.

Effective and well-established controls and processes are crucial to facilitating a smooth due diligence process and avoiding legal and financial complications. Management shouldn’t assume that the process of an audit will resolve any issues uncovered. Unwelcome surprises during due diligence can cause overruns of costs to test, verify, and resolve issues – and might cause a deal to fall through.

Maintain transparent and regular communication about audit inquiries, updates, questions, and issues

Throughout the audit, management will need to balance fulfilling day-to-day responsibilities with responding to an auditor’s requests for information and documentation in a timely and accurate manner. One way to contribute to efficient communications is to assign a designated point of contact for the auditor. This person can help the auditor coordinate on-site visits or communications, funnel requests, and facilitate access to any relevant data and records.

While an audit might be daunting, especially for an entity undergoing the process for the first time, management should remember that it’s best to call attention to any issues that could potentially raise questions or concerns from an auditor well in advance, to allow for as much time as possible to address and remediate issues. Withholding key information can negatively affect the outcome of an audit.

Responding to audit requests and inquiries can take substantial time away from day-to-day activities at a time when the right accounting is more crucial than ever. If available staffing and resources are limited, management should consider engaging third-party specialists to assist with purchase accounting work and other transition activities. In addition, outside of working on one-time purchase and audit readiness work, a third-party firm can serve as a co-source for regular month-end-close activities to supplement an existing team.

Healthcare companies undergoing an audit also must have an effective method for sharing information with an auditor while remaining in compliance with all applicable regulations – including confidential patient data protected by HIPAA regulations. If a company lacks its own internal platform, a third-party platform – such as the auditor’s – designed for sharing and tracking audit requests might be an option.

A healthcare organization undergoing an audit for the first time might not yet have formally documented controls or processes – or even any formal controls or processes at all. However, developing internal controls and processes and their documentation is a critical component in the journey to becoming a more sophisticated healthcare entity – not just a one-time to-do in preparation for a first audit.

As part of the audit, the auditor likely will evaluate the effectiveness of the control environment and identify any deficiencies or weaknesses that might increase the risk of material misstatements. To prepare for this, management should prepare and maintain comprehensive documentation of the control environment, including flowcharts, narratives, risk assessments, and test results. Management also should review and update internal controls periodically, addressing any gaps or issues that could compromise the control environment.