Audit Division

The IG Audit Division conducts risk-based performance, provider, and information technology audits related to (a) services delivered through medical providers and contractors and (b) programs, functions, processes, and systems within the Health and Human Services (HHS) System, to help identify and reduce fraud, waste, abuse, and mismanagement.  While there are sometimes variations in which audit type is performed for a given entity being audited, the categories are generally defined as follows.

  • Performance Audits:  Review the effectiveness and efficiency of HHS System program performance and operations.  The IG Audit Division makes recommendations to mitigate performance gaps and risks that could prevent HHS System programs from achieving their goals and objectives.  These audits may make recommendations that funds be put to better use.
  • Provider Audits:  Assess contractor or medical service provider compliance with criteria contained in legislation, rules, guidance, or contracts, and to determine whether funds were used as intended.  These audits may identify questioned costs or unsupported costs.
  • Information Technology Audits: Assess compliance with applicable information technology requirements and examine the effectiveness of general and application controls for systems that support HHS System programs or are used by contractors or  business partners who process and store information on behalf of HHS programs.  These audits may make recommendations for information technology control improvements and to mitigate security vulnerabilities.

For more information about the Audit Division, please visit our Providers page.

Two-Year Rolling Audit Plan. Updated April 26.

Overview of the Audit Process.

Audit Division Risk Assessment.

Read the opinion letter issued by the team that performed our external quality assurance review, issued in January 2017.