The Information Technology (IT) Audits and Regulatory team is responsible for working with external and internal auditors to ensure IT compliance with regulatory requirements. This team is also responsible for managing IT audits requested by Federal and State regulators, software vendors, Compliance and Finance, and for supporting new partnership requirements for the IS organization, including all products and lines of business.
The primary responsibility of the IS Audit and Compliance Specialist Lead is to support audit activities that impact the IT organization and ensure the IT organization remains compliant with IT policies, standards, systems development methodology and other applicable industry accepted computing practices. This includes the coordination of testing, documenting, evaluating, remediating, and improving internal controls for effectiveness and operational efficiency. The IS Audit and Compliance Specialist Lead will fulfill these duties by collaborating with internal and external audit teams, IT management, consultants, and other stakeholders to ensure compliance project deliverables are met.
The IS Audit and Compliance Specialist Lead is also responsible for responding to RFPs/Performance Guarantees/Security Questionnaires with input from Subject Matter Experts (SMEs) and IT Management for the IS organization.
KEY RESPONSIBILITIES/ESSENTIAL FUNCTIONS* (in order of importance)
State and Federal audits include the Mass DOI, Model Audit Rule (MAR), CMS audits of our Medicaid and Medicare plans (CMS Program Audit, Data Validation, EQRO, CMS Financial Audit, Denial Letter Monitoring, HEDIS), and NIST compliance and attestation for the Defense Health Agency (DHA).
* Functions as Project leader on all assignments related to audits that impact the IT organization. Identifies and procures required resources from IT and business areas.
* Facilitates and monitors the audit activities.
* Educates and prepares SMEs (subject matter experts) for audit interviews and sets expectations
* Develops and obtains audit populations, samples, and other evidence from SMEs
* Leads auditors and the business through testing and walkthrough procedures to determine company compliance
* Collaborates with IT SMEs and management to provide evidence of IT controls in place, or to demonstrate compensating controls
* Evaluates the adequacy and timeliness of management's responses, corrective action plans, and audit reports
* Provides information and makes recommendations to upper management in the areas of IT controls and compliance with them
* Provides leadership support to IT SMEs and IT management in the design, development and implementation of mitigation strategies as needed
* Monitors audit activity, including any related IT development work such as Universe Development and merging of business, IT and vendor data.
RFPs/Performance Guarantees/Security Questionnaires:
RFPs (Request for Proposal) are received from prospective and existing clients.
Activities include:
* Gathers responses from IT subject matter experts and management for all IT and security related RFPs, RFIs, Security Questionnaires, and Performance Guarantees as requested by the RFP Team, Sales or other departments
* Constructs or solicits RFP responses for validation by IT management
* Provides responses in a timely and consistent manner
* Works with key stakeholders to validate security responses
* Updates IT responses in the RFP database
The Information Systems department follows the SEI CMMI framework. The CMMI model provides guidance for applying CMMI best practices in a development organization. Best practices in the model focus on activities for developing quality products and services to meet the needs of customers and end users.
Tufts Health Plan has defined and documented the Quality Review process to comply with the Process and Product Quality Assurance (PPQA) process area within SEI CMMI.
IS Audit and Compliance Lead responsibilities include:
* Develops the Quality Review Audit Plan
* Leads Quality Audits
* Verifies that audit personnel have the experience or training required to address the scope, complexity or special nature of the activities to be audited
* Executes the audit: conducts interviews, documents findings, and recommends process improvements
* Issues Audit Report and follows up on any needed process improvements.
* Maintains metrics and trend reporting