Jun 14, 2018
Handling thousands of security audit questions per month while also conducting routine internal audits is a daunting and tiring task. Audit fatigue is real! However, meeting security audit requests has become a standard for doing business in the healthcare industry. This CyberPHIx episode examines successful approaches to handling security audits from a vendor’s perspective. Hear from Chris Risley, Executive Director Enterprise Risk Management of NASCO, an exclusive provider of claims processing and other services to Blue Cross / Blue Shield Plans across the country. This discussion addresses some of the following questions:
- How do you help your organization to combat audit fatigue?
- What standards do you have in place to improve responsiveness and drive efficiencies in the audit process?
- How do you handle capacity constraints in managing a portfolio of audits with limited bandwidth and staff?
- How does effective security risk management correlate to business value and how is that value communicated to leadership and the marketplace?
Show Notes:
- 1:04 Intro
- 2:11 Increase volume for various audit plans
- 3:07 Organizing to respond to audits
- 5:39 What are the common frame works for audit questions
- 7:41 Can you be proactive in response to eliminate fatigue
- 10:35 How far should organization go with being transparent
- 12:49 Are more resources going to be needed for responding to audits
- 15:33 How to prioritize internal risk management
- 18:03 How flexible does your internal audit plan need to be
- 19:49 What are the common pitfalls for creating a plan
- 23:45 How to combat audit fatigue
- 26:25 How to communicate risk to leadership
- 33:12 Use of analogies to help communicate
- 36:16 How to manage the organization change within the business
- 42:05 Key Findings
- 42:54 Introduction for next podcast