Changing regulation in Dutch health care institutions: the problems identified

(1)

Name: Dijkstra, J.

Word count: 11993

Changing regulation in Dutch health care

institutions: the problems identified

(2)

1

Abstract

The Dutch regulation regarding hospitals is changing and has not only effect on the hospital itself, but also on the external auditors of hospitals. This study aims to map the uncertainties and problems, during the audit, in relation to the DOT-system which is implemented in 2012. Hereby the focus will be on the internal control of hospitals. A qualitative research approach is used whereby face-to-face interviews are taken with 7 auditors of one of the big 4 audit companies in the Netherlands. The results indicate that most of the uncertainties nowadays are still the same as in 2012, however, these uncertainties are not material anymore because of experience and clearer regulation. Although hospitals are considered as high risk clients by the big 4 audit company, their overall risk profile is perceived the same as that of other companies. The auditors did not perceive a specific fraud- or going concern risk in hospitals. They also mentioned that the administrative organization and internal control of hospitals did improve since the implementation of the DOT-system. However, auditors were still not always able to rely on these systems, thus improvements are still needed. Especially when looking at upcoming developments like horizontal supervision.

(3)

2

1. Introduction:

In recent years there have been several changes in the Dutch funding system of hospitals with the aim to simplify the funding system, controlling health care costs and to continue

improving quality (NVZ, 2016). Before 2005, all costs incurred by hospitals were reimbursed by a function-oriented budgeting system. In 2005, this system was replaced by the new introduced diagnosis treatment combinations (hereafter: DBC) (NVZ, 2016). In 2008, this system has been further developed into the ‘DBC’s towards transparency’ system (hereafter: DOT-system) with the aim to improve the overall declaration system (NVZ, 2016). In 2012, this system has been fully implemented. The implementation of the DOT-system caused that the total revenues of hospitals are now based on negotiations with health insurers. Based on these negotiations, the incurred costs are invoiced to the health insurer. The registration and invoicing process has therefore become very important. The legislation regarding these declarations is introduced by the Dutch healthcare authority (hereafter: NZA). While some of these regulations are detailed, other rules are ambiguous (NVZ, 2016).

Due to this ambiguity, hospitals experienced problems with the implementation of this new system. Rijken (2006) explained that the objective of the DBC-system was to increase transparency and efficiency in the health care sector by regulating the competition between health care providers. However, the DBC-system had several disadvantages. Oostenbrink and Rutten (2006) noticed that the DBC-system is perceived as very time consuming for medical specialists, the system is very complex and the costs are deemed to be high because there are high transaction costs between individual health care providers and insurers. They concluded that the question remained whether the implementation of DBC’s actually led to increased transparency and efficiency. Westerdijk and Linker (2008) mentioned also disadvantages of the DBC-system. They noticed that this system increased the financial risks of hospitals which should gain special attention from a risk management perspective. To overcome these problems, the DBC-system was further developed into the DOT-system in the period between 2008-2012. The first year of the implementation served as a transition year to test the new system by providing a so called ‘shadow budget’. In this transition year, all hospitals worked according the new system, but this had no financial implications for hospitals (NVZ, 2016). After implementation of the DOT-system, some difficulties remained and new ones were

(5)

4

created: an example is that only one out of five hospitals were able to invoice their costs to the health insurers in 2012 (van Loghum, 2012).

The reforms in health care funding also impacted the accounting profession. Auditors must now critically look at the declarations of hospitals when assessing the financial statements (NvZ, 2016). However, because of the sometimes ambiguous regulation, auditors face some problems when assessing the financial reports. In 2013, the Dutch professional organization for accountants (hereafter: NBA) reported that due to uncertainties regarding new rules and regulation, auditors considered to issue a qualified auditors opinion for annual reports of hospitals over the year 2012. One year later, comparable problems were reported (Financieel Dagblad, 2014). In response to these problems, the NBA issued a NBA-alert in both 2013 and 2014 (NBA, 2013; NBA, 2014), which included several instructions for the audit. Due to these NBA-alerts, all annual reports of hospitals contained an explanatory paragraph which explained the overall uncertainties in the health care sector. Despite these explanatory

paragraphs, some hospitals still received a qualified auditors opinion. In response to all these uncertainties and problems, the NBA sent an open letter to the health care sector (consisting of all institutions who deliver health care) which mentioned the various underlying problems (NBA, 2015). These problems included the plethora of regulations which are unclear,

unworkable and sometimes even contradictory. This resulted in high costs and a messy administration in hospitals (van Ark, 2015). The NBA not only described the problems, but also made some recommendations for the healthcare sector. One of these recommendations included that the health care sector should pay more attention to feasibility and alignment. This could be accomplished by the following three actions: (1) do not implement rules on a retroactive basis, (2) involve different parties like auditors, health care institutions and industry associations to improve accountability, and (3) ensure uniform agreements on how to control health care institutions (NBA, 2015). Due to these NBA alerts and the open letter, the Dutch Minister of Health, Welfare and Sports introduced a new method to perform the audit (de Accountant, 2015). After introducing this new method, the annual reports of hospitals all received an unqualified auditors opinion and there were no explanatory paragraphs anymore which explained the overall uncertainties in the health care sector. However, a Dutch newspaper reported in 2016, that hospitals still had their annual reports badly organized, and that there is still much uncertainty among physicians how they define treatments appropriately (Financieel dagblad, 2016).

(6)

5

The auditor has several responsibilities during the audit. One of these is that the auditor should obtain an understanding of the relevant internal controls for the audit. This

understanding helps the auditor to design audit procedures that are appropriate in different circumstances (IAASB, 2016). With the implementation of the DOT-system, the registration process became very important for hospitals and is now one of the key processes. To ensure the reliability of this registration process, it is important to have a good administrative organization and internal control system (hereafter: AO/IC). The AO/IC systems of hospitals changed with the implementation of the DBC and DOT-system as well as the regulation regarding these systems. When DBC’s were introduced, the NZA concluded that hospitals had insufficient incentives for a correct DBC registration. As a consequence, the NZA issued special regulation relating the AO/IC of hospitals (Donker, 2011). With the implementation of the DOT-system in 2012, the NZA concluded that hospitals were sufficiently transparent and had enough incentives to establish an adequate AO/IC. Since then, there was no direct supervision of the NZA anymore and the responsibility for agreements on the establishments of DOT accounts and relevant AO/IC became the responsibility of hospitals and health insurers. However, to maintain the DOT-system, new guidelines were introduced regarding the registration and declaration of DOT’s in hospitals (NZA, 2011). These guidelines renewed in 2014, because of uncertainties in the audit of hospitals (Algemene rekenkamer, 2014). These uncertainties included that auditors could not assess the validity of declarations. As a response, the NVZ (the Dutch hospitals association), the NFU (the Dutch federation of university medical centres) and the ZN (Dutch association of health insurers) signed a covenant in 2014. With this covenant hospitals and health insurers accepted their

responsibility to prevent unlawful and improper declarations. This covenant was a first step towards horizontal supervision (hereafter: HS) whereby the hospital will prevent improper declarations, and the insurers will provide a validity check (NFU, 2015). Although this covenant is signed to overcome the difficulties regarding the validity of declarations, not all problems are solved. Wijnker and Kok (2015) argue that every insurer uses another approach to control declarations. Besides that, the auditor assesses the financial statements in a short period of time, whereas the insurer may use more time to check the declarations in more detail. Both issues lead to uncertainties in the DOT revenues of hospitals, which can have consequences for the auditor’s opinion.

Taken all these changes into consideration, a first quick look reveals that the implementation of the DOT-system is properly done, and there are few problems anymore. However, a closer

(7)

6

look reveals new problems. Not only the hospital, but also the auditor has to deal with these new problems. This inconsistency leads to questions like: what problems do auditors

experience nowadays during the audit of a hospital? Are there specific difficulties relating the internal control systems? And how do they deal with these problems? All these questions lead to the following research question: Which internal control challenges do auditors face when

performing the external audit of hospitals?

In the next section the theory will be explained, based on this theory an interview guide is formed (See appendices). Thereafter the results will be presented and the last section includes the discussion and conclusion.

2. Literature and background

This section consists of four subsections. Firstly, the changes in hospital funding over the years is discussed. Secondly, an overview of the changing regulation regarding the AO/IC of hospitals is given. Thirdly, the problems for hospitals are discussed. Lastly, the problems for auditors are discussed. Hereby, the relevant auditing standards will be linked to the problems.

2.1 - The funding of hospitals over the years

The changes in the regulation of Dutch hospitals began in 1988, with the introduction of the function oriented budgeting system. A budget was established for each hospital, which was based on a fixed set of parameters. Declarations were carried out against national tariffs to the health insurer. When the total amount of claims did not match the predetermined budget, the differences were paid by insurers and/or paid back to the insurer. In this way, the

predetermined budget was always paid fully to hospitals and there were no financial risks.

This function oriented budgeting system maintained until 2005, when this system was

replaced by diagnosis treatment combinations (DBC) (NVZ, 2016). A DBC is defined as “the whole set of activities and interventions of the hospital and medical specialists resulting from the first consultation and diagnosis of the medical specialists in the hospital” (Oostenbrink & Rutten, 2006, p.288).

(8)

7

Overall there were approximately 30.000 DBC-treatment combinations, which were divided into an A- and B-segment. The A-segment contained treatment combinations for which standard prices were set by the NZA. The B-segment contained treatment combinations for which prices were dependent on the negotiation between health insurers and the hospital. In 2005, a small part of all DBC’s were placed in the B-segment and the other part was placed in the A-segment.

Because of the complexity, the DBC-system was further developed into the DOT-system in the period between 2008-2012 (NVZ, 2016). The objective of this DOT-system was to improve the declaration system of hospitals. To accomplish this objective, the 30.000 DBC’s were reduced to 4.400 DOT’s. The B-segment expanded to almost 70% of all the treatment combinations and the A-segment contained only highly specific health care.

The implementation of the DOT-system fully replaced the old function oriented budgeting system. From then on, the revenues of hospitals were fully based on their declarations.

2.2 - Regulation regarding internal control

The introduction of the DBC-system had several consequences for the structure of the AO/IC of hospitals. The administrative organization is defined as “the systematic collection,

recording and processing of data to control, manage and operate the organization” (van Os et al., 2004, p.37). Internal controls are in place to ensure that the risks associated with the business processes are controlled. To ensure the reliability of the registration and billing of DBC’s, the NZA introduced the framework: ‘administrative organization and internal control on DBC registration and billing’. This framework was valid for hospitals since 2005 (Donker, 2011). It provided minimum requirements for hospitals in order to achieve a reliable

recording and billing of DBC’s. Hereby, the primary purpose was to guarantee the quality of information within a health care organization (van Os et al., 2004). To measure the degree of compliance with this framework, a baseline measurement was done in 2004. Concluded was that most of the hospitals did not comply with these minimum requirements, and thus were not ready to implement the DBC-system (van Os et al., 2004). Another examination in 2005, indicated that still only few hospitals met the requirements of this framework (van Loghum, 2005). With effect from January 1, 2007, the framework had undergone significant changes (Houwen, 2007). Notably, the design and configuration of the framework changed. These

(9)

8

changes and strict supervision by the NZA resulted in 43% compliance in 2007, and 82% compliance in 2009 (Donker, 2011). Thus, along with the implementation of the DBC-system, a framework for a correct AO/IC was introduced. However, the DBC-system resulted in several problems for the AO/IC of hospitals. As a consequence, not all hospitals did comply with the minimum requirements of the framework. To overcome these problems, the DOT-system was implemented. Due to this implementation, the NZA concluded that hospitals met the minimum requirements for a correct AO/IC (NZA, 2011). These minimum requirements included that there was a sufficiently transparent DBC product structure (like the

DOT-system) and that health care providers were sufficiently risk bearing. The overall goal was that hospitals needed to have enough incentives to establish an adequate AO/IC (Donker, 2011). The implementation of the DOT-system fulfilled these requirements and therefore, the old framework was abolished in 2012. As a consequence, agreements on establishment of the DOT’s and relevant AO/IC became the responsibility of health insurance companies and healthcare providers. There was no direct supervision of the NZA anymore (NZA, 2011). However, to maintain the DOT-system, new guidelines were introduced regarding the

performance and rates for medical care. These guidelines included rules about the registration and declaration of DOT’s (NZA, 2011). Although these guidelines were implemented, they did not provide the expected clarity to auditors. The legality of declarations could for example not always be established by auditors (algemene rekenkamer, 2014). This led to uncertainties for the auditor’s opinion. Therefore, the guidelines have been renewed for 2014 to include provisions for carrying out the audit with more accuracy (NVZ, 2013). In this so called ‘recovery-program’, rules are clarified and hospitals themselves have investigated whether their invoices were correct. This is the so called self-assessment of hospitals. Although these guidelines led to more clarity, new problems were mentioned. One of these problems was that auditors still experienced uncertainties regarding the audit. These uncertainties were caused by the notion that no independent third party assessed the accuracy of declarations. Auditors thought this was a problem because health insurers had insufficient incentives to properly check the DOT-claims (algemene rekenkamer, 2014).

So, although there were a lot of changes, new problems arose.

In order to solve these uncertainties for auditors, the NVZ, NFU and ZN signed a covenant in 2014. With this covenant hospitals and health insurance companies accepted their

(10)

9

hospitals and health insurers jointly agree on the nature and timing of the checks performed on the declarations. As a result, the quality of the declarations will be improved (NFU, 2015).

2.3 - The problems for hospitals

The introduction of the DBC-system led to opportunities for entrepreneurship. Due to these introduced market forces, the health care sector needed to understand their risks. Therefore, special attention must be given to risk management (Westerdijk & Linker, 2008). One new risk for hospitals was their financial risk. This risk was caused by contracts between health insurers and hospitals. While the prices of treatments combinations were set before the healthcare was delivered, the costs were determined afterwards. The accuracy of the prices involved in the contracts depended on the amount of treatments expected. This led to an estimation of the costs for a treatment. In the case that the costs of the delivered health care were higher than estimated in the contract, the difference was at the expense of the hospital (Westerdijk & Linker, 2008). Thus, due to the introduction of the DBC-system, hospitals experienced higher business risks. In order to mitigate these risks, the AO/IC systems gained importance in hospitals. As already explained, the NZA facilitated the introduction of a correct AO/IC system by providing a framework and by monitoring hospital’s compliance. However, in 2012, new problems were reported. Hospitals struggled with the new DOT-system and as a result, only one out of five hospitals were able to invoice DOT’s to the health insurer. Fortunately, liquidity problems could be prevented because of prepayment

arrangements between the health insurer and the hospital (van Loghum, 2012). Although problems could be prevented, it raises awareness about the complexity of the DOT-system and that improvements of the system are still needed. A few years later, de Vos (2015) argued that hospitals still struggled to deal with the complex system. He argued that there is often little insight in the actual costs of a treatment. In 2016, these problems were still not solved. A Dutch newspaper reported that hospitals still have their annual reports badly organized, and that there is still much uncertainty among physicians how they define treatments appropriately (Financieel dagblad, 2016). They also reported that systems do not always work properly and that there is often no clear vision on what, when and how something should be invoiced. This lack of administrative processes can lead to different problems such as mistakes and/or fraud. This is exactly what happened. Van Aartsen (2016) concluded that in the past years, health institutions claimed high unjustified amounts of money for surgeries which were regarded as

(11)

10

fraud by the NZA. To respond to these new risks, the hospital is forced to improve its AO/IC system. New developments are that the NVZ, NFU and ZN signed a covenant in 2014, which was a first step towards HS. Hereby, hospitals and health insurance companies are responsible to prevent unlawful and improper claims. The overall goal is to improve the quality of

declarations

2.4 - The problems for auditors

In this section the role, responsibilities and possible problems of auditors during the audit will be explained. These possible problems will raise some questions. The interview guide will be based on these questions. An explanation of which relevant problems led to which questions, as well as the full interview guide can be found in the appendices.

2.4.1 - The auditors’ overall responsibilities

According to the International Standards on Auditing (ISA) 200, the purpose of an audit is “to enhance the degree of confidence of intended users in the financial statements” (IAASB, 2016, p.80). The degree of confidence is assured when the financial statements as a whole are free from material misstatements, whether due to fraud or error. This is accomplished by obtaining sufficient and appropriate audit evidence. When having obtained sufficient audit evidence, the auditor is responsible for the reporting of the findings. Hereby an auditor’s forms its opinion. This opinion can be an unqualified opinion, a qualified opinion, an adverse opinion or a disclaimer of opinion.

2.4.2 - DOT problems then and now

In 2013 and 2014, auditors considered to issue a qualified auditors opinion for annual reports of hospitals over the years 2012 and 2013 (NBA, 2013; Financieel Dagblad, 2014). The auditor is allowed to give this kind of opinion if he concludes that there are misstatements which are material, but not pervasive to the financial statements. Another valid reason for this opinion is when the auditor is unable to obtain sufficient appropriate audit evidence on which to base an opinion, but he concludes that the possible effects of an undetected misstatement could be material but not pervasive to the financial statements (ISA 705).

(12)

11

When looking at the qualified opinions for several hospitals in the years 2013 and 2014, all the explanations agreed in content. The explanations mentioned for the qualified opinions were that the new funding system was subject to national risks and limitations. These risks and limitations were related to the registration and billing provisions, which included several open standards. These open standards were further interpreted by the regulator after the end of the financial year. Hereby, most interpretations were retroactive so that fully compliance was impossible, and the consequences of these new interpretations could not be estimated reliably by the auditor. As a consequence, the auditor was not able to gather enough and appropriate audit evidence. The biggest problem was that auditors could not determine if the invoiced declarations were valid, and this led to high uncertainties in the revenues of hospitals (algemene rekenkamer, 2014).

Some auditors were able to give an unqualified auditors opinion for a hospital in 2013 and 2014, however, these opinions included all an explanatory paragraph which emphasized the ambiguities in the legislation. Since 2015, no explanatory paragraphs were included in the annual report and no qualified opinions were given for this reason. This assumes that there are no problems anymore relating the funding system and that auditors are able to gather enough and appropriate audit evidence. However, repetition of these problems was expected in 2014. The validity check on declarations became the responsibility of hospitals and health insurers. Thus, there is no independent third party who checks these declarations. Auditors assumed that health insurers had insufficient incentives to check the declarations on validity (algemene rekenkamer, 2014).

The question rises if all problems are solved nowadays, or that they do still exist. How do auditors nowadays think about the uncertainties regarding the revenues of hospitals?

In the following subsections, possible problems will be linked to International Standards of Auditing (hereafter: ISA’s).

2.4.3 - Audit quality and methodologies

The degree to which financial statement users can rely on an auditor’s opinion depends on the quality of the audit performed (Christensen et al., 2016). The responsibility for performing a qualitative audit rests with auditors. This audit quality is dependent on its input, process and output (IAASB 2016-2017). Inputs consist of the values, ethics, attitudes, knowledge, skills

(13)

12

and experience of the auditor. Input is also the time allocated to perform the audit. The process consists of the rigor of the audit process which influences the audit quality. Outputs consist of the reports and information that are formally prepared and presented by one party to another, as well as the outputs that arise from the auditing process (IAASB, 2016-2017). The audit procedures used to gather enough audit evidence consist of analytical procedures and substantive procedures (ISA 330). The types of procedures used will depend on the specific company.

So when doing the audit of a hospital, the audit procedures will depend on what the auditor thinks will be necessary to obtain sufficient and appropriate audit evidence. This process starts with the risk examination of auditors during the interim phase of the audit. The question rises how auditors determine the audit risks and what kind of procedures they use for this. It is also interesting to map these risks. Another question is if this risk examination is more time consuming compared to other companies.

2.4.4 - Internal control

During the interim phase of the audit, auditors also take a look at the AO/IC of the relevant company. With the introduction of the DOT-system, the AO/IC of a hospital is one of its key processes. These systems are in place to reduce business risks. According to ISA 315, the auditor has to perform audit procedures to gather audit evidence. In order to obtain enough audit evidence, the auditor needs to understand the internal control systems that are in place which are relevant to the audit. The auditor shall evaluate the design of those controls and determine whether they have been implemented and are operating effective. The auditor shall also design and perform substantive procedures for each material class of transactions,

account balances and disclosures (ISA 330).

Internal control is defined as “a process developed by an entity’s board of trustees, management, and other personnel, which is designed to provide reasonable assurance regarding the achievement of management objectives” (Cooper & Cornett, 2004, p37) . An objective of internal control is the reliability of financial reporting. Hospitals also have an internal control system in place to assure the achievement of objectives. However, in 2016, a Dutch newspaper (Financieel Dagblad, 2016) reported that systems usually did not work properly in hospitals and that medical specialists do not always have a clear vision on what,

(14)

13

when and how something should be declared. This has implications for the revenues because all revenues are now based on the declarations of hospitals to the insurer (Oostenbrink & Rutten, 2006).

The registration process of a hospital consists of three parts: register, validate and invoice (van Os et al., 2004). The first step is to register all data of the delivered care. This is the responsibility of the medical specialist. This data involves for example the personal data of the patient, the opening- and closing date and the type of care delivered. After the closing date, the correct DOT has to be linked to the provided care activities. This is realized by a national web-service called ‘the grouper’. This web-service links all the care activities to the correct DOT. This DOT is send back to the medical specialist who determines the correctness. When the DOT is correct, it can be invoiced to the health insurer (NZA, 2017). The hospital needs to have correct internal controls in place to minimize the possibility of an incorrect invoice. One way of doing this is the self-assessment of hospitals which is implemented in 2014 when the covenant was signed. With this self-assessment, hospitals control whether they meet the requirements of health insurers. When the DOT is invoiced, the health insurer needs to check the correctness of these DOT’s. During the audit, the auditors needs to perform audit procedures to control the revenues for a hospital during the audit. However, in 2014, there was a concern that no independent third party checked these declarations and auditors assumed that health insurers had insufficient incentives to check the declarations on validity (algemene rekenkamer, 2014). It was assumed that this would also be the case in the

upcoming years. The question rises if auditors are able to rely on the internal controls of hospitals and how auditors determine the effectiveness of these internal control systems. Another interesting question is if they use both the self-assessment and the control of health insurers during the audit. It is also interesting to ask whether auditors nowadays still perceive that health insurers have insufficient incentives to check the declarations on validity.

2.4.5 - Going concern

ISA 570 says that the financial statements are prepared on the assumption that the entity is a going concern and will continue its operations for the foreseeable future unless those financial statements are indicated as special purpose financial statements. The responsibility for

assessing the entity’s ability to continue as a going concern lays with the management of that entity. The auditor is responsible for obtaining appropriate audit evidence regarding the

(15)

14

appropriateness of management’s use of the going concern basis of accounting in the preparation of the financial statements. The auditor also has to conclude, based on the audit evidence obtained, whether a material uncertainty exists about the entity’s ability to continue as a going concern.

For hospitals it is a challenge to deal with all the reforms of the past years. In 2013 and in 2014 there were two hospitals which went bankrupt. This could be a signal that bankruptcies are inevitable. However, in that same year the revenues of hospitals increased with 5,6% which indicated a better financial position (Marselis & Van de Poel, 2015). So, on the one hand there were failures and on the other hand the reforms resulted in a better financial position for some hospitals. The question arises if these bankruptcies also have implications for the audit. First of all, there is a higher financial risk for hospitals because the chance of a liquidity problem is bigger than before. Previously, all the money was paid in advance to hospitals, but with the new regulation, the health insurers will not pay in advance (PWC, 2011). As a consequence, a hospital needs more cash on hand. As a result of this higher risk profile, it is harder for a hospital to obtain a loan from a bank. So, on the one hand there is more money needed, but on the other hand this is harder to obtain. This can result in liquidity problems. Another financial risk is that of care activities which cannot be invoiced. All care activities are registered in the system. After the closing date, the correct DOT is linked to these activities. Thereafter, the DOT is invoiced to the health insurer (NZA, 2017). It could be that there are a lot of care activities provided, which are not included in the standard DOT’s. As a result, it might be that certain care activities are not invoiced, while these activities have a cost. This is a financial risk for hospitals. In order to mitigate these financial risks, the hospital needs to have internal controls in place. The auditor should take these systems into account to form an opinion on whether the hospital is able to continue its activities for the foreseeable future. The question rises how they determine if a hospital is a going concern. Another question is whether auditors perceive that hospitals still have going concern issues and if this can influence the auditors opinion.

2.4.6 - Fraud errors

In ISA 240 it is stated that misstatements in the financial statements can arise from either fraud or error. Fraud is a form of deception (Siering et al., 2016) which is defined as “an intentional scheme aimed to create a false impression or conclusion, often for gaining an

(16)

15

unjust advantage over another party” (Burgoon et al., 1996). Fraud thus involves an intention, while an error does not. Hereby, errors involve human mistakes, while fraud can occur due to insufficient procedures or internal controls.

The auditor is responsible for detecting all material misstatements whether due to fraud or error. It is also expected that auditors find errors, which are not material, but are due to fraud. If an auditor believes a misstatement can be due to fraud, then the ISA’s recommend very different audit responses than in the case of an error (Hamilton, 2016). Love (2012) argued that audit procedures are needed to detect the material misstatements which are due to fraud, but also recognizes that auditors could not unfailingly detect all frauds, regardless of how sophisticated the fraudulent scheme; there are always inherent limitations.

The management is responsible for the implementation of internal controls to prevent that financial statements contain significant misrepresentations due to fraud or errors (Tak, 2014). When performing the audit, auditors need to assess the efficiency of these internal controls to assess the fraud risks involved.

Linking this to the declaration systems of hospitals, there is a chance for fraud. This fraud risk occurs from the risk of upcoding. Upcoding is defined as scaling treatments higher than originally needed so as to obtain a higher amount of money from the insurer (de Winter, 2014). The DOT-system contains sometimes ambiguous rules so that the possibility for upcoding increases. This is also what happened in the past years, health institutions then had high unjustified claims which were regarded by the NZA as fraud (van Aartsen, 2016). The question arises how auditors make sure they gain enough information concerning this fraudulent behavior, and if they are capable to distinguish errors and fraud.

The interview guide is based on the before mentioned topics and the practical guide of King et al. (1994) which will be described in the methodology section. A detailed explanation of how the interview guide is compiled, is attached in appendix A1. The full interview guide is attached in appendix A2.

(17)

16

3. Methodology

3.1 - Research method

This study aims to discover the problems which auditors face during the audit of hospitals. This is an explorative study that will systematically collect and analyze data to discover new facts and potential relationships. The subject of the research is relevant, because the

perspective of auditors in relation to the DOT-system is not yet studied. Data will be collected by face-to-face interviews with auditors of one of the big-4 audit companies in the

Netherlands. These auditors are assessing or having assessed the financial statements of health care institutions in recent years (2013-2016). These years are considered as being relevant because the DOT-system is implemented in 2012 and from 2013 on, there was no transition model anymore for auditors (NvZ, 2016). The interviews are semi-structured, which means that there is a format with questions, but these questions do not need to be asked in the same fixed order (Smith, 2015).

3.2 - Sample selection

Due to an internship, one of the big-4 audit companies in the Netherlands was willing to cooperate with this research. To select appropriate interviewees, a list of all the auditors and their functions, who are involved in the audit of a hospital, was obtained. This list contained 19 possible interviewees. The first selection criteria was the function of the auditor. The aim was to have at least one interview with a partner, a manager and a senior/junior auditor

because it is likely that different people at different levels are facing different problems during the audit. By interviewing auditors at different levels, a complete overview can be given of the problems. The number of auditors and their functions are shown in table 1.

(18)

17

The second selection criteria would be if the auditor was providing the audit for a general hospital or an UMC. However, this information was not provided beforehand, so it was decided to approach different auditors with different functions and to ask them during the interview for what kind of hospitals they provided the audit. Most of them audited one or more hospitals which, most of the time, were general hospitals. The interviewees were asked to focus on the general hospitals during the interview because the processes in an UMC are more complicated. However, sometimes a question was asked about an UMC to show the differences between the two types of hospitals.

In total, 16 out of 19 auditors were approached by mail to cooperate with this research. All of them responded. Eight of them were not willing to cooperate because they had insufficient experience and/or did not have the time to cooperate. The other eight were willing to cooperate with this research and a date was set for an interview. Ultimately, one of the auditors cancelled the interview due to limited time. Three senior auditors were not

approached because during the mailings with other seniors, it became clear that they had less experience and could not provide sufficient useful information to this research. They only fulfilled general auditing activities and did no activities in relation to hospital-specific journal entries. The final sample consisted of seven auditors. These auditors and their functions are shown in table 2.

(19)

18

According to Marshall et al. (2013) a qualitative research should contain approximately 15 to 30 interviews. However, the amount of time and resources available are also critical factors (King et al. 1994). Due to time limitations, limited accessibility to auditors and in-depth interviews, seven interviews are considered to be appropriate for this research. The number of interviews will be enough to discover the overall problems in the auditing profession. All interviewees allowed to record the interview. Thereafter the interviews were written out. Lastly, a content analysis is conducted to identify the key problems during the audit regarding the DOT-system.

3.3 - Interview guide

The practical guide of King et al. (1994) was used to form the interview guide. King et al. (1994) argued that participants must be assured of confidentiality. They should also be

informed for whom the research is being carried out, what the research hopes to achieve, what kind of feedback of the study he/she will receive and approximately when this will happen. They also acknowledge that permission to tape-record the interview must always be obtained.

King et al. (1994) also pay attention to the sequence of the questions. They argue that it is best to open with questions which are easily to answer for the interviewee. Difficult questions should be saved until later in the interview so that both interviewer and interviewee can get to know each other and get comfortable. The interview should not end with a difficult,

threatening or painful topic but should steer the interview towards positive experiences. When finishing the interview, the interviewee should have the opportunity to make any further comments.

(20)

19

The interview guide (Appendix A2) is formed in line with the above mentioned guidelines. For a detailed explanation, see appendix A1.

3.4 - Reliability and validity

Reliability involves that measures should produce the same results when applied to the same subjects by different researchers (King et al. 1994). In a qualitative research this means that there is no researcher bias: the findings are not a product of researchers’ prejudices and prior expectations. To overcome this bias, all the interviews were held with the help of another researcher. One researcher was interviewing, while the other researcher checked whether all questions were being asked. After a couple of interviews these roles changed. Another method to overcome this researcher bias is to pilot test the interview guide. However, due to a limited number of possible interviewees, the method of “interviewing the investigator” (Chenail, 2011) is used. The interview guide was tested by the researcher by asking and answering the questions of the guide to find questions which were not well defined. After taking a couple of interviews, still not all the interview questions were well defined, these questions were changed during the interview period.

A qualitative research is valid if it truly examines the topic which it claims to have examined (King et al. 1994). There are three types of validity which are relevant for qualitative research; descriptive, interpretive and theoretical validity (Burke, 1997). Descriptive validity refers to the accuracy in reporting descriptive information. To overcome this validity problem, all interviewees were asked for permission to record the interview. All agreed. This made it possible to reproduce the whole interview. Interpretive validity refers to accurately portraying meaning to attached participants to what is being studied by the researcher. The method of ‘member checking’ (Burke, 1997) is used to overcome this problem. The transcription of the interview was send to the interviewees. In case of any miscommunications they could indicate improvements. Two interviewees indicated improvements. These suggestions were corrected in the used document. Lastly, theoretical validity refers to the theory which is used to explain certain relationships. This validity concern is less relevant in this study because there are no relationships hypothesized. Therefore, it is not further explained.

(21)

20

4. Results

4.1 - General information

Table 3 shows information of the interviews and interviewees. All interviewees received a pseudonym. This name is used to refer to the interviewees. The interview time was on average 66,14 minutes. The interview sample consisted of 4 males and 3 females. The average total auditing work experience was 10,14 years. The average work experience in the hospital sector was 6,43 years. Each interviewee provided the audit for 2,42 hospitals on average. Three of the interviewees were also providing the audit for an UMC. Only partner Dan has other functions in the health care sector. He is also regional chairman and participant of a branch group in healthcare. Lastly, four of the auditors did not experience the change to the DOT-system in 2012, three of them did. There were no significant differences in answers among interviewees, some auditors only had more experience and thus could explain things better.

(22)

21

4.2 - DOT problems then and now

Three of the interviewees experienced the DOT change in 2012. The interviewees experienced this change as either fascinating or interesting.

“As an auditor, I have experienced the change as fascinating. There was a lot of change in the playing field and it was fascinating to see how organizations deal with this.” – Partner

Dan

“Personally, I found it interesting. I attached myself to it and I wanted to understand it, even though it was difficult for me and my client.” – Manager Stef

The change to the DOT-system was also considered as an improvement because the former DBC-system had difficulties with the legitimacy of DBC’s and upcoding.

“In the DBC-system, the medical specialist knew exactly which DBC generated the highest turnover and thereby increased the doctor’s fee. So there was a wrong incentive. With the

arrival of the DOT-system, the possibility disappeared because the DOT’s are determined outside the hospital (by the grouper).” – Partner Dan

While auditors had a quite positive view on the change, manager Stef indicated that hospitals experienced the change as unnecessary, unbelievable and as a ballast.

The interviewees experienced different problems during the implementation of the DOT. First of all, there were problems relating the administrative processing of DOT’s, especially in relation to the work in progress and the allocation of claims in the correct financial year.

“It was totally unclear which revenues belonged to which financial year” … “There were actually two things happening. First of all, there was a system change and secondly, the NZA invaded a number of hospitals where they concluded that they invoiced wrongly. This

resulted in a forbidden product list whereby a discussion came up of how the auditor should deal with this.” – Partner Dan

These problems resulted in a further discussion about the legitimacy, accuracy and completeness of revenues. As a result of this discussion, the annual report of 2012 was ultimately delayed until 2014. This happened for two years in a row. A reason for the problems in the administrative processing of DOT’s is that:

“The government implemented many changes retroactively, making it impossible for hospitals to correct the declarations. As a result, hospitals had to do some sort of shadow

(23)

22

Another problem mentioned was that rules relating to the declarations of DOT’s were very unclear. It was also mentioned that the invoices of DOT’s of hospitals, most of the time, did not match the payments of health insurers.

When asking the interviewees how they experience the audit of a hospital nowadays, they answered that the system is now stable and that hospitals have mastered the declaration system. They also mentioned that the AO/IC of hospitals improved and that hospitals provide the needed information for the audit. This all makes hospitals easier to audit. Another reason is that auditors as well as hospitals gained experience over the years, besides that, rules are more clarified. One example of this is mentioned by assistant manager Kim:

“As of January 1, 2015, the lead time of DOT’s is shortened to 120 days (was 365 before)” ... “When looking at the compensation claims, we can now compare the claims in the annual report with what is invoiced in the new year” ... “As a consequence uncertainty

declined.”

Although regulation is clearer than before, supervisor Josh mentioned that the regulation in the health care sector is a lot. So it is difficult to know all the details and keep track of all the little changes. There are also still uncertainties which mainly relate to the revenues of

hospitals. Assistant manager Ton mentioned that there are still uncertainties relating the allocation of claims in the correct financial year. For example: when a patient enters the hospital with a broken foot on 31 December ’16, then the hospital has to estimate the total treatment of this person because these revenues belong to the financial year 2016. This estimation leads to uncertainty in both the revenues and work in progress. However, assistant manager Kim argued that this uncertainty is not material anymore because, due to the changed rule regarding the DOT’s lead time, the work in progress can be checked with the invoiced DOT’s in 2017 during the audit. Partner Dan also mentioned that there are still errors which are retroactively corrected afterwards. However, due to the self-assessment of hospitals and the experience of the auditors, this uncertainty is not material anymore. A follow up question was if the interviewees still experience uncertainties that could influence the auditors opinion. They all answered that there were no material uncertainties anymore which could influence the auditors opinion. Supervisor Josh mentioned that this was due to experience and data-analysis. Senior manager Nina explained that there still are uncertainties that might lead to changes in the annual report, but that these changes are not material for the auditors opinion.

“Uncertainties stayed the same, however, these can now be estimated more accurately and thus the uncertainty is not material anymore.” – Senior manager Nina

(24)

23

4.3 - Audit quality and methodologies

During the interim phase of the audit, the relevant risks are estimated. Interviewees responded that they meet with the audit team and approach the hospital with a blanc mind regarding risks. They do not use the risk assessment of the hospital itself, but they do take relevant general risks in the health care sector into consideration. Interviewees responded that there is a standard procedure for determining risks.

“We first have the customer acceptance process. In a particular program we need to answer a number of questions about the customer. This forms a risk profile of the relevant company. It also determines whether an additional quality partner is needed,

this is still the case.” – Assistant manager Ton

Interviewees responded that this standard procedure is followed during the audit of all types of organizations. This risk procedure does not take specifically more time for hospitals than other organizations.

Interviewees were also asked to identify which specific risks they perceive during the audit of a hospital. Interviewees agreed that the revenues of hospitals are a significant risk area. They mentioned the following risks:

- Compliance risk due to the complexity of regulation - Estimation risk regarding work in progress

- Allocation risk of DOT’s to the correct financial year - Compliance risk with property and bank covenants

- Estimation risk of errors in the self-assessment of hospitals and the periodic controls on registration and invoicing

- Risks in IT controls

- Ceiling risk in contractual agreements

When asking about the amount of risks of hospitals, all interviewees agreed that hospitals do not have a higher amount of risks than other companies.

“Hospitals have been pulled out of their safe and comfortable life by the change of the system, they now have a risk profile that is in accordance with other companies.” –

Partner Dan

“I think the overall risk profile of a hospital is basically the same as that of for example a trading company, despite that the causes of these risks may be different.” - Assistant

(25)

24

However, hospitals are considered to be more risky than before 2012. The interviewees mentioned that their accounting firm nowadays considered hospitals as a high risk firm. This means that there are always two partners involved at the audit of a hospital. Another

complementary risk was mentioned by Partner Dan. He argued that, due to technological and other developments, complex care will shift towards larger medical centers and non-complex care will shift to private clinics or homes. This will ultimately lead to a lower production in smaller regional hospitals. This might cause risks in the future.

The standard risk procedure explained in the beginning of this section involves different work programs which are specific for hospitals. These are dependent on relevant regulation.

Interviewees indicated that there are still a lot of minor changes in regulations relating DOT’s.

“Regulations are very changeable, new rules are added each year.” – Supervisor Josh “There are some minor changes, but compared with a couple of years ago there are no

rigorous changes like the DOT.” – Senior Mary

Manager Stef mentioned bigger changes like horizontal supervision and WNT (Law of remuneration of top executives). A special department keeps track of all the relevant changes in the health care sector. This department also keeps the work programs up-to-date. Thus, when there is a change in regulations, these work programs will also be changed. The work programs are used for the audit, but are health care specific. This means that auditors should make this work program specific for the relevant client. This requires judgement.

Ultimately, interviewees indicated that when the amount of uncertainty is not material anymore, they perceived that they gathered enough audit evidence to provide an opinion of the financial statements. This audit evidence is for example gathered by estimating the revenues with help of the self-assessment, reducing significant risks and checking the sample on DOT invoices.

4.4 - Internal control

In order to reduce the above mentioned risks, hospitals implemented internal controls. The following internal controls were mentioned by the interviewees:

- Checks and balances in the system. For example a link with a personal number to prevent surgeries for fake persons

(26)

25

- An internal control function that provides a sample on DOT’s to check the accuracy and amount of invoiced DOT’s

- Investments in IT

- Monitoring contractual agreements - Making a liquidity analysis

- Doing a self-assessment

- A control on invoices provided by health insurers - Assuring segregation of duties

When asking interviewees if they could rely on these systems during the audit the answer was mainly ‘no’.

“During the risk analysis we do rely on some systems of hospitals for example: the sample on DOT’s, the self-examination of hospitals and checks which are implemented in the

system.” – Senior manager Nina

“From an efficiency perspective it is not always useful to rely on the internal control of a hospital.” – Supervisor Josh

“Ideally, we would like to audit everything on the basis of automation, but often general IT controls are ineffective.” … “ In that case we cannot rely on the application controls.” –

Assistant manager Ton

“The extent to which we can rely on the systems is very different. The appointment of an internal control function is usually clear and we can observe and check it. Other controls

are less/not visible, so we cannot rely on these.” – Senior Mary

“We notice that hospitals invest millions of Euros in IT, but they cannot rely on these systems. This is different compared to other organizations which only invest in IT if they can rely on these. There are however hospitals where we can rely on the IT systems, but

there are also hospitals where we cannot rely on the systems at all. – Partner Dan

Summarizing, it turns out that there are some systems on which auditors can rely during the audit of a hospital. However, there are also systems on which they cannot rely due to

efficiency, inefficient general IT-controls and non-visibility of controls. The extent to which auditors can rely on IT systems also differs per hospital. This difference might be due to complexity.

“The general hospital for which I am providing the audit has a specific software tool whereby there are a lot of checks in the process. We can rely on this tool more compared

to the UMC, but this is also because a general hospital is less complex than an UMC.” – Senior manager Nina

(27)

26

To further analyze the internal control of hospitals, it was expected that the controller of a hospital judged the legitimacy of declarations. However, the interviewees answered that this was not the function of the controller, but that of the internal control function. This internal control function provides the sample on DOT’s and checks its accuracy. When asking the interviewees if the internal audit function was capable of doing this, they agreed. However, three of the interviewees responded that there is a mismatch between the medical specialists on the work floor and the financial department.

“There is a mismatch in interests between the workplace and the financial department. The people on the work floor just want to make the patient better. For these people, the

registration of DOT’s is not priority number one, it is about helping people. This might cause frustrations because people of the financial department are suffering from it. When

for example a DOT is registered a couple of months after the surgery is provided, and this DOT involves a lot of money, then the intermediate positions of these DOT’s are not

correct anymore.” – Supervisor Josh

The interviewees were also asked about the self-assessment of the hospitals and the checks provided by the health insurer. Interviewees answered that they give a special statement of factual findings of the self-assessment. This assignment is separate from the audit and is no assurance assignment. This special statement has no influence on the audit. During the audit, auditors only estimate the outcomes of the self-assessment. This helps to estimate the amount of error which needs to be corrected during/after the audit. This amount of error will form a provision on the balance sheet. When this amount of error is estimated, the revenues can also be estimated more accurately. Auditors also make an estimation of the outcomes of the assessment provided by health insurers. These outcomes may also influence the revenues of the hospitals, therefore there is also a provision on the balance sheet regarding the assessment of health insurers. Auditors also perceived that hospitals as well as health insurers are capable to check these declarations. Health insurers have incentives to check the invoices, because this is important for them.

Ultimately, the self-assessment and the check of health insurers will be replaced by HS. The interviewees were asked how they see this development. All the interviewees agreed that, if HS succeeds, there will be less administrative burden. Nowadays the administrative burden for hospitals is very high. They spent a lot of time on the self-assessment. Auditors have to assess whether the hospital used the right procedures and thereafter the health insurer will check the invoices in detail. Manager Stef explained that when there is HS, an assessment of the auditor about the right procedures is not necessary anymore. Besides that, he expects that

(28)

27

hospitals and health insurers will earlier agree on the invoiced DOT’s. This leads to a lower liquidity risk because DOT’s can be invoiced earlier. There will also be fewer errors because these will be corrected before invoicing. The self-assessment, as well as the assessment of details by the health insurer won’t be needed anymore.

“There is now a lot of administrative burden that will decline with HS. However, a good foundation of trust and commitment is needed. So, I think that if the implementation of HS is performed well, it will be a big improvement. The question remains whether it is

going to succeed, but we will try our best.” – Senior manager Nina

4.5 - Going concern issues

Interviewees were specifically asked if they experience a higher financial risk for hospitals compared with other clients, because these can lead to going concern issues. Answers were different among interviewees. Supervisor Josh mentioned that he did not experience this risk. He explained that there are both business and audit risks.

“When a hospital for example has 0 Euro on its bank account, this is not necessarily a risk for the audit, but this might have impact on business operations.” – Supervisor Josh

Assistant manager Kim agreed. Hereby she explained that hospitals make their own liquidity prognosis which is being analyzed by the auditors. She did not experience a liquidity risk because there was no reason to assume that her hospitals had any liquidity problems. Other interviewees did experience a liquidity risk.

“There is always a liquidity risk for a hospital, because they can invoice their DOT’s much later than when they have performed the surgeries. Some hospitals control this better than others. For example, one of the hospitals I audit has a lot of cash on hand, another hospital chose for a tight redemption scheme. Due to these high repayments, there is less

cash on hand which, of course, results in a higher liquidity risk.” – manager Stef

Other financial risks mentioned were contract agreements with health insurers and contractual funds. Even though not all interviewees experienced a higher financial risk, they

acknowledged that the risk could have impact on the continuity of the organization. However, Supervisor Josh mentioned that they do not look specifically at continuity unless there is a reason to suspect problems. Manager Stef explained that if they suspect a continuity problem, they become more critical and ask more critical questions. When the continuity is really uncertain, then there must be an uncertainty paragraph involved in the annual report.

(29)

28

However, all interviewees did not experience this risk to be material, and thus does not influence the auditor’s opinion.

4.6 - Errors and fraud

When asking about the declaration system, most of the auditors indicated that the declaration system is complex and not fully clear. They also indicated that they do not need to understand every detail of it, only the relevant aspects for the audit.

“My overall picture is that the declaration system is quite complex. We do not have to audit the whole system, so we do not need to know all the details, but I certainly believe

that there is ambiguity.” - Assistant manager Kim

When asking the interviewees about errors, it appeared that the chance for errors is high.

“There are enough chances in the declaration system to make a mistake.” … “ If there were no mistakes, this self-assessment would not be needed.” – Senior manager Nina

However, the chance for a material error is low.

“The chance for a material error is not that big. Some wrong DOT’s do not cause a material error, then it must be a structural mistake. Controllers should not see these

errors in their monthly reports and the errors should not be revealed by the self-examination and the control of the health insurer. The chance that there are material

errors passing through all these controls is very small.” – Supervisor Josh

Assistant managers Kim and Ton agreed and indicated that an error would be discovered by the self-assessment or by the internal control function of the hospital. Hereby, manager Stef argued that hospitals are increasingly benefiting from good control. This will lead to better invoices and higher revenues.

The interviewees also explained that if an error occurred, the hospital will correct these so that the DOT can still be invoiced. If it is not possible to correct the error, than the DOT is not invoiced.

When asking about fraud risks, only assistant manager Ton indicated the risk of upcoding.

“A medical specialist could increase certain activities that are not performed. For example: the number of meetings with a patient.”

Other interviewees mentioned general fraud risks like purchasing or the risk of science fraud at an UMC.

(30)

29

When asking specifically for the chance for upcoding, most of the interviewees did not experience an incentive for this fraud risk.

“I think there might be an incentive, but this is real fraudulent behavior. Medical specialists are educated somewhat differently, also in moral ethics. Overall, I estimate the

chance for upcoding low. Would a medical specialist who earns 400.000 Euro’s a year, put everything at stake for it?” – Assistant manager Ton

Manager Stef agreed, he thought there was no trigger for this type of fraud although he indicated that this fraud risk is considered during the interim phase of the audit. Other interviewees explained that with effect from 1 January 2015, there was one integrated tariff for both the fee for the medical specialist and the costs for the hospital. The fee for the medical specialist is thus not separated anymore and reduces the risk of upcoding. Another reason mentioned was that the risk of upcoding depends on whether the medical specialist has a partnership with the hospital or is on payroll.

“In the hospital that I audit, the medical specialists are on payroll. Thus, the medical specialists will not become any better from upcoding.” – Senior manager Nina

Assistant manager Ton indicated that the biggest part of medical specialists are on payroll nowadays. Thus, there are little incentives.

Another reason is that to commit upcoding, the medical specialist should understand the full declaration process in its finest details.

“They need to be well-informed about what needs to be upcoded to receive a higher payment. They also should know what the extra payment would be” … “I think we are not

there yet” – senior manager Nina

However, she also indicated that:

“The bigger and better the regulation becomes, the greater the risk” … “because if margins get tighter, the more medical specialists will try. That is a normal effect” – Senior

manager Nina

Lastly, interviewees indicated that the internal controls mentioned in section 4.4 were sufficient to reduce the risk of upcoding and errors.

(31)

30

5. Discussion

5.1 - DOT problems then and now

The literature mentioned that there were different problems when implementing the DOT-system in 2012. One of the biggest problems was that auditors gave qualified opinions for the annual reports of 2012 and 2013 due to uncertainties. Interviewees acknowledged that there were a lot of problems back then. These uncertainties were mainly related to the

administrative processing of DOT’s. When looking back at the DOT-implementation, auditors experienced this change as either fascinating or interesting and also as an improvement of the previous system. However, auditors think hospitals experienced this change as unnecessary, unbelievable and as a ballast. This suggests that the implementation of the DOT-system had more implications for hospitals than for auditors. This is also very likely. Hospitals had to implement the new system and get comfortable with the new system. Auditors only check if the financial statements are correct and thus do not need to know every detail of the new system.

Nowadays, uncertainties are a lot less. Auditors experience the audit of a hospital as easier than before because the system is now stable and hospitals have mastered the declaration system. The AO/IC of hospitals did also improve. However, there are still some uncertainties. These uncertainties include that regulation is a lot and it is difficult to keep track of all the details. There are still errors which are retroactively corrected and there are still uncertainties in the allocation of claims in the correct financial year and the estimation of work in progress. These uncertainties are more or less the same as during the introduction of the DOT-system, but these are not material anymore due to experience. This is a straightforward reason because the more time passes by, the more experienced both the hospital and the auditor will become. There is also more information available, which makes it possible to use data-analysis during the audit. Rules are also more clarified than before, which have caused the ambiguity of rules to decline. So, because there are no material uncertainties anymore, the uncertainty paragraph in the annual report is not needed anymore.

(32)

31

5.2 - Audit quality and methodologies

According the ISA’s, the auditor should obtain sufficient and appropriate audit evidence to reduce the audit risk to an acceptably low level. These procedures are dependent on the company and what the auditor thinks will be necessary to obtain sufficient and appropriate audit evidence.

Auditors stated that hospitals are seen as high risk clients by their auditing organization. This means that there are always two partners involved at the audit of a hospital to provide more certainty. Especially the revenues are perceived as a significant risk. However, the amount of risks in hospitals is not higher than that of other organizations. They do have other risk areas, but the total risk profile is more or less the same. This is a contradictory, because if hospitals have the same risk profile as other companies, they should not been seen as a standard high risk client. An explanation might be that hospitals at first had no financial risks at all. They do have financial risks now. This might cause the accounting organization to be more careful during the audit, because a mistake can have big consequences for the accounting

organization as well as for the hospital. Another reason could be that regulation is still changing every year. It is very important to keep up with this regulation. A last reason could be that there are new technological developments in the health care sector. This will cause complex care shifting away from smaller hospitals to larger medical centers and non-complex care to private clinics and homes. This will create future risks for general hospitals.

To conclude: risk are determined with the help of standard procedures. These standard procedures are applicable to every company. Although there are work programs which are health care specific, these need to be made specific for the relevant company with the help of judgement. The overall risk profile and the time to determine relevant risks is more or less the same as that of another organization.

5.3 - Internal control

Due to the implementation of the DOT-system, the AO/IC of hospitals became more important. These internal control systems should be taken into account by the auditor. Auditors mentioned that there were different internal control systems implemented by hospitals for example: segregation of duties, checks and balances in the system, investments in IT and the self-assessment. Auditors take these systems into consideration during the

Changing regulation in Dutch health care institutions: the problems identified