May 8, 2025
Five Steps to Build an Audit Plan That Actually Works
- by Shannon DeConda, Partner, Founder and President of NAMAS
It’s Not an Audit Plan If It Never Changes
Are you still using the same audit plan year after year? If so, you’re probably getting the same results—and honestly, you should be. Repeating the same process and expecting something different isn’t strategy, it’s just routine. The point of an audit isn’t to chase a perfect score and move on. It’s about finding opportunities to improve. So, if your audit plan isn’t setting you up to uncover new compliance risks or reflect the changes happening in your practice, then it’s not doing its job. That’s why updating your audit plan annually is critical.
Let’s break this down into five easy steps to update your audit plan. Whether you’re just getting started or trying to shake off an outdated routine, these steps will help you refocus your efforts, respond to real-time risks, and stay ahead of compliance challenges.
Step 1: Review Your Past Audit Data and Look for Patterns, Not Just Scores
Trend your audits over time and ask yourself a few key questions:
✦ Are there any providers who consistently stand out, for better or worse?
✦ Are you seeing the same coding or documentation errors over and over?
✦ Are your accuracy scores trending up, down, or just floating around randomly?
✦ Are particular codes, like high-level E/M or common modifiers (25, 59), always popping up?
This isn’t just about identifying what went wrong, it’s about understanding what needs your focus next. Trends over time are your best signal for risk areas that need attention.
Step 2: Consider Your Previous Audit Focus and Audit What’s Changed
Your audit plan should evolve with your practice. What’s changed since your last plan? Consider:
✦ New Service Lines: Have you started offering CCM, remote monitoring, or telehealth? If so, those need to be part of your audit scope. And don’t forget documentation must support medical necessity, especially when you’re billing new codes.
✦ High-Volume or High-Risk Services: What do you bill the most? What’s most likely to raise flags with payers? Services with known compliance risks, like high-level visits or common modifiers (24, 25, or 59), deserve regular review.
✦ Known Problem Areas: If a provider or service line has been problematic before, keep it on the radar. This isn’t about punishment, but it is about making sure you’re actually improving, not just moving on.
Your audit plan isn’t a one-and-done project. It should evolve with your practice, your services, and what payers are paying attention to. Keep it current and keep it relevant.
Step 3: Sample Size Matters—Match It to Your Services
Let’s talk about what everyone’s thinking about budget. No one wants to drain resources, and that’s fair. But here’s the hard truth: your budget becomes a much bigger issue when compliance lapses lead to repayments, penalties, or a formal corrective action plan.
You don’t need to overspend, but you do need to spend wisely. Your audit sample should be sized to reflect your actual billing risks, not just what’s cheapest or easiest.
Make your sample size count.
✦ For an E/M-heavy practice, 10 encounters per provider might be reasonable.
✦ But if you’re dealing with surgical procedures, advanced care management, or multiple service lines, your sample should reflect that complexity.
CMS mentions a floor of 5 encounters per provider. That’s the minimum necessary, but not a gold standard. If you want real insight, aim for 10 to 20 per provider, just remember, that’s a starting point, not a ceiling.
Bottom line: audit what you bill. Match your sample size to your services—not your headcount. Sampling based on staff numbers might be simple, but it won’t tell the full story. Your sample should align with what you actually do because that’s where risk lives.
Step 4: Use the Results Because That’s Where the Value Is
Going through the audit process isn’t the goal. What happens after you pull the charts, that’s where the real value begins.
Quick, targeted education goes a long way toward keeping everyone on the same page. Get your findings in front of the right people—providers, coders, auditors—and be ready to clarify what needs to change and why.
Next, if you’re seeing patterns or systemic issues, you’ve got to fix them. That might mean updating your documentation templates, cleaning up your coding processes, or doing more hands-on training. Whatever it takes, don’t let those issues sit.
Sometimes it might be necessary to develop a formal corrective action plan (CAP). Start by clearly identifying the problem, outlining the corrective steps, assigning responsibility, and defining the process for resolution. When appropriate, consider consulting a health law attorney or even our litigation support team at DoctorsManagement to make sure your bases are covered, and your plan is defensible. This is about protecting your compliance posture and proactively managing risk.
Step 5: Document Everything—Seriously, Everything
Documentation is your audit trail. If it’s not captured, it’s as if it never occurred, at least from a compliance perspective. That record validates the steps you’ve taken to educate, correct, and improve. It’s the evidence that shows your organization didn’t just identify a problem; it acted on it.
Document:
✦ The audit results
✦ The education you provided
✦ Any policy updates or system changes you made in response
And if you found errors? Correct them. Letting known issues continue unchecked moves you from “oversight” to “exposure.” Compliance isn’t optional, especially when you’ve got proof something was wrong.
Strategy Over Routine
So, let’s circle back—do you have an audit plan, or just a habit?
An effective audit plan is strategic, documented, and adaptable. It’s a tool you reference, not a mental checklist you occasionally think about. Whether you’re protecting your revenue or your peace of mind, your audit plan should be a source of clarity and confidence.
Need a Little Help?
If you’re ready to take the next step, join us this May for a free interactive workshop where we dig into real strategies for building better audit plans. Or, if your audit process needs a full reboot, reach out. The DoctorsManagement team is here to help you build something that works for your practice.
