Generic Health Care Hospital: The Road to an Integrated Risk Management System

ABSTRACT: Three related areas—Sarbanes-Oxley's requirements for control reports, COSO's Enterprise Risk Management (ERM) suggested control structure, and the enterprise risk management process—need more classroom materials to demonstrate to students the importance of a cohesive risk analysis process and control system for an organization to be successful and competitive. This case requires students to understand the importance of risk management, the implementation of an internal control structure, and a controls review in a hospital setting for compliance and administration of Medicare and Medicaid costs. Although the facts of the case are based on professionals' consulting experiences, the hospital in the case is fictional and is a composite of many client engagements. This case is appropriate for an analysis for potential fraud, a Sarbanes-Oxley Act (SOX) review of risks and internal controls, assessment of compliance with laws and regulations, and implementation of an enterprise-wide risk management s...