May 8, 2025
Five Steps to Build an Audit Plan That Actually Works
- by Shannon DeConda, Partner, Founder and President of NAMAS
Itâs Not an Audit Plan If It Never Changes
Are you still using the same audit plan year after year? If so, youâre probably getting the same resultsâand honestly, you should be. Repeating the same process and expecting something different isnât strategy, itâs just routine. The point of an audit isnât to chase a perfect score and move on. Itâs about finding opportunities to improve. So, if your audit plan isnât setting you up to uncover new compliance risks or reflect the changes happening in your practice, then itâs not doing its job. Thatâs why updating your audit plan annually is critical.
Letâs break this down into five easy steps to update your audit plan. Whether youâre just getting started or trying to shake off an outdated routine, these steps will help you refocus your efforts, respond to real-time risks, and stay ahead of compliance challenges.
Step 1: Review Your Past Audit Data and Look for Patterns, Not Just Scores
Trend your audits over time and ask yourself a few key questions:
⊠Are there any providers who consistently stand out, for better or worse?
⊠Are you seeing the same coding or documentation errors over and over?
⊠Are your accuracy scores trending up, down, or just floating around randomly?
⊠Are particular codes, like high-level E/M or common modifiers (25, 59), always popping up?
This isnât just about identifying what went wrong, itâs about understanding what needs your focus next. Trends over time are your best signal for risk areas that need attention.
Step 2: Consider Your Previous Audit Focus and Audit Whatâs Changed
Your audit plan should evolve with your practice. Whatâs changed since your last plan? Consider:
⊠New Service Lines: Have you started offering CCM, remote monitoring, or telehealth? If so, those need to be part of your audit scope. And donât forget documentation must support medical necessity, especially when youâre billing new codes.
⊠High-Volume or High-Risk Services: What do you bill the most? Whatâs most likely to raise flags with payers? Services with known compliance risks, like high-level visits or common modifiers (24, 25, or 59), deserve regular review.
⊠Known Problem Areas: If a provider or service line has been problematic before, keep it on the radar. This isnât about punishment, but it is about making sure youâre actually improving, not just moving on.
Your audit plan isnât a one-and-done project. It should evolve with your practice, your services, and what payers are paying attention to. Keep it current and keep it relevant.
Step 3: Sample Size MattersâMatch It to Your Services
Letâs talk about what everyoneâs thinking about budget. No one wants to drain resources, and thatâs fair. But hereâs the hard truth: your budget becomes a much bigger issue when compliance lapses lead to repayments, penalties, or a formal corrective action plan.
You donât need to overspend, but you do need to spend wisely. Your audit sample should be sized to reflect your actual billing risks, not just whatâs cheapest or easiest.
Make your sample size count.
⊠For an E/M-heavy practice, 10 encounters per provider might be reasonable.
⊠But if youâre dealing with surgical procedures, advanced care management, or multiple service lines, your sample should reflect that complexity.
CMS mentions a floor of 5 encounters per provider. Thatâs the minimum necessary, but not a gold standard. If you want real insight, aim for 10 to 20 per provider, just remember, thatâs a starting point, not a ceiling.
Bottom line: audit what you bill. Match your sample size to your servicesânot your headcount. Sampling based on staff numbers might be simple, but it wonât tell the full story. Your sample should align with what you actually do because thatâs where risk lives.
Step 4: Use the Results Because Thatâs Where the Value Is
Going through the audit process isnât the goal. What happens after you pull the charts, thatâs where the real value begins.
Quick, targeted education goes a long way toward keeping everyone on the same page. Get your findings in front of the right peopleâproviders, coders, auditorsâand be ready to clarify what needs to change and why.
Next, if youâre seeing patterns or systemic issues, youâve got to fix them. That might mean updating your documentation templates, cleaning up your coding processes, or doing more hands-on training. Whatever it takes, donât let those issues sit.
Sometimes it might be necessary to develop a formal corrective action plan (CAP). Start by clearly identifying the problem, outlining the corrective steps, assigning responsibility, and defining the process for resolution. When appropriate, consider consulting a health law attorney or even our litigation support team at DoctorsManagement to make sure your bases are covered, and your plan is defensible. This is about protecting your compliance posture and proactively managing risk.
Step 5: Document EverythingâSeriously, Everything
Documentation is your audit trail. If itâs not captured, itâs as if it never occurred, at least from a compliance perspective. That record validates the steps youâve taken to educate, correct, and improve. Itâs the evidence that shows your organization didnât just identify a problem; it acted on it.
Document:
⊠The audit results
⊠The education you provided
⊠Any policy updates or system changes you made in response
And if you found errors? Correct them. Letting known issues continue unchecked moves you from âoversightâ to âexposure.â Compliance isnât optional, especially when youâve got proof something was wrong.
Strategy Over Routine
So, letâs circle backâdo you have an audit plan, or just a habit?
An effective audit plan is strategic, documented, and adaptable. Itâs a tool you reference, not a mental checklist you occasionally think about. Whether youâre protecting your revenue or your peace of mind, your audit plan should be a source of clarity and confidence.
Need a Little Help?
If youâre ready to take the next step, join us this May for a free interactive workshop where we dig into real strategies for building better audit plans. Or, if your audit process needs a full reboot, reach out. The DoctorsManagement team is here to help you build something that works for your practice.
