How to Avoid FDR Oversight Issues in a CMS CPE Audit

First Tier, Downstream or Related Entity (FDR) Oversight continues to be a hot topic for the Centers for Medicare and Medicaid Services (CMS) and plan sponsors. CMS auditors annually find deficiencies in FDR oversight and monitoring activities in program audits, with poor oversight of FDRs trending as a common condition in yearly audits.

Many plan sponsors consider an FDR as a risk only if a problem materializes. This is a mistake. All FDRs are operational and compliance risks. The extent of the risk exists in the type of functions the FDR performs, potential and actual member impact, and FDR issues.

Common Mistakes

Lack of proper identification and documentation of FDR activities and the plan’s own oversight activities are habitual issues we see during Compliance Program Effectiveness (CPE) audits. There seems to be confusion within FDR documentation where sponsors fail to do the following:

  • List and rank all their FDRs on risk assessments
  • List all audits of FDRs in their audit workplans
  • List all FDR monitoring activities in their monitoring workplans
  • Identify proper first tier entities in the First-Tier Entity Auditing and Monitoring (FTEAM) record layout
  • Identify auditing and monitoring activities of FDRs in the audit and monitoring record layouts

Auditors will crosswalk the above information to determine if plan sponsors have a firm understanding of their responsibility for their FDRs. If the plan sponsor does not connect the dots between the data, then auditors will assume there is a problem and go on a hunt to find it.

How to Successfully Manage FDRs

Successfully managing the data requirements for these documents as part of everyday operations helps plan sponsors succeed in a CPE audit. The audit record layouts are an output of the audit and are not normally viewed as operational management tools. However, we suggest that plan sponsors do just that.

For example, if you list a monitoring activity in the monitoring workplan, then that activity should be documented in the monitoring record layout (given universe timeframes). We often find that this is not the case. We also find it true in the reverse, where the monitoring activity is reported in the audit record layout but not listed as a monitoring activity in the monitoring workplan.

While the mistake may be a documentation error, it signals to auditors a deeper issue where the veracity of the monitoring activity is questioned.

As a simple rule, whatever is in the risk assessment and the monitoring and auditing workplans will also be included in the CPE record layouts. Cross-checking the operational documents to the audit documents on a regular schedule will keep you organized and sane during an audit.

For help enhancing the effectiveness of your health plan’s compliance program, contact us today for a consultation.