1. Audit of Health Insurance Operations ABSTRACT
The City has outsourced the administration of
health insurance claims. Further monitoring of the
Third-Party Administrator would provide further
assurance that claims are adjudicated efficiently. In
addition, the City has generally established
adequate controls over benefits plan management
NG� and participant enrollment.
�NSVRP
NE Internal Audit Department
City Auditor
Madison Rorschach, CIA, CGAP
Audit Staff
AUDIT OF HEALTH Neeraj Sama, MBA
INSURANCE OPERATIONS
IIT crry
DENTON
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Table of Contents
Auditat a Glance .................................................................................................................................3
Introduction.........................................................................................................................................4
ManagementResponsibility.....................................................................................................................4
Audit Objectives, Scope, and Methodology..............................................................................................4
Findings&Analysis..............................................................................................................................6
Medical Benefits Plans are Appropriately Monitoried for Compliance & Utilization...............................7
Plan Enrollment is Adequately Managed; Dependent Monitoring Could Lower Costs............................8
Claim Administration Controls Appear Adequate but Should be Regularly Reviewed ..........................10
Claims Funding Process Should be Clarified ...........................................................................................14
Periodic Verification of the TPA's Performance Would Increase Assurance..........................................15
Appendix A: Management Response Summary.................................................................................. 18
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Audit at a Glance
Why we did this Audit: What we Found:
As a self-funded health insurance The City has outsourced the administration of health
provider,the City has a fiduciary duty insurance claims to a Third-Party Administrator;
to its residents and employees to however, it is responsible for managing the benefits
ensure health care services are being plans offered to employees as well as participant
provided economically. Annually, the enrollment. Findings for each of these processes are
City pays over $25 million in health summarized below:
insurance claims for City employees
and their dependents. This audit was Benefits Plan Management. The City has developed
included on the City's fiscal year two health insurance plans with the assistance of an
2019-20 Audit Plan as approved by Employee Benefits Consultant who negotiates with
the City Council. health care providers and facilitates plan compliance
with applicable regulations. The Consultant also
provides regular reports on plan and network
What we Recommend: utilization, which adequately allows the City to
monitor health insurance operations funding levels.
Recommendation 1
Periodically identify and remove Participant Enrollment. The City has developed
ineligible dependents who are not adequate controls to ensure changes in health
removed by employees in a timely insurance plan enrollment are communicated to the
manner. Third-Party Administrator. In addition, the City is
adequately verifying that employees' dependents are
Recommendations 2, 3, &4 eligible for coverage when enrolled; however,there is
Regularly review the Third-Party no process to periodically verify that dependents are
Administrator's claims processing still eligible for coverage.
controls and report results to City
Management. Claims Administration. The City's Third-Party
Administrator appears to have developed adequate
Recommendation 5 controls over claims administration; however,the City
Annually verify that all individuals should regularly review available independent audit
with access to the City's health and performance reports to ensure this continues. In
insurance portal are authorized. addition, conducting an independent review of
adjudicated claims could help identify claim
Recommendations 6 processing & plan implementation errors and verify
Clarify the claims reimbursement that performance guarantees are met.
reconciliation process.
Finally, the City has an effective process for funding
Recommendation 7 health insurance claims. Still, updating this process
Implement procedures to verify that documentation to include Finance's responsibility
the Third-Party Administrator is would facilitate consistency and provide clarity on
meeting performance guarantees. funding authorization levels4(I01
ry
m
DENTON
Audit report translations may be requested by emailing InternalAudit@CityofDenton.com.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Introduction
The Internal Audit Department is responsible for providing: (a) an independent appraisal' of City
operations to ensure policies and procedures are in place and complied with, inclusive of
purchasing and contracting; (b) information that is accurate and reliable; (c) assurance that assets
are properly recorded and safeguarded; (d) assurance that risks are identified and minimized; and
(e) assurance that resources are used economically and efficiently and that the City's objectives
are being achieved.
The Internal Audit Department has completed a performance audit of health insurance operations.
We conducted this performance audit in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and conclusions based on our
audit objectives.We believe that the evidence obtained provides a reasonable basis for ourfindings
and conclusions based on our audit objectives.
Management Responsibility
City management is responsible for ensuring that resources are managed properly and used in
compliance with applicable regulations; programs are achieving their objectives; and services are
being provided efficiently, effectively, and economically.
Audit Objectives, Scope, and Methodology
The Internal Audit Department has completed an audit of health insurance operations including
benefits plan management, participant enrollment, and claims administration. This report is
intended to provide assurance that City management has established adequate processes and
procedures to ensure health insurance operations are effective, efficient, and economical.
Audit fieldwork was conducted during September and October of 2020.The scope of review varied
depending on the procedure being performed. The following list summarizes major procedures
performed during this time:
• Reviewed documentation to develop criteria including industry standards, best practices,
policies, and procedures;
• Developed process narratives to identify current control activities in the participant enrollment
and claim funding processes that was certified by Risk Management and Finance staff;
• Interviewed Risk Management and Finance staff as well as representatives from the City's
Employee Benefits Consultant firm;
• Inspected a statistical sample of 78 dependentS2 eligibility documentation to ensure they were
verified according to the City's requirements and reviewed the 2019 Dependent Eligibility Audit
results;
v
CLO
r
1 The City of Denton Internal Auditor's Office is considered structurally independent as defined by generally accepted government auditing
standard 3.56.
2 This sample size provides with 95%confidence that the true sample mean is within±15%of the sample estimate.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
• Reviewed contracts entered with the Third-Party Administrator and Employee Benefits
Consultant;
• Assessed the Third-Party Administrator's 2019 Service Organization Control Report and the
2017, 2018, and 2019 Performance Guarantee Reports; and
• Examined supporting documentation for payments made to the Third-Party Administrator for
administrative fees and claims reimbursement.
v
nA
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Findings & Analysis
Health insurance operations have three functional parts that must work together to ensure health
care services are provided effectively.The City of Denton is a self-funded health insurance provider,
meaning that it is ultimately responsible for all three parts including the sole responsibility for
paying all health insurance claims.'These parts and associated processes are shown in Figure 1.
Figure 1: Health Insurance Operations
Benefits
_ •Plan & Network Development -
*Utilization Monitoring
Enrollment •Coverage Change Management
*Participant Eligibility
*Processing
•Payment funding
In general, the Risk Management Division of the Human Resources Department is responsible for
directing the City's health insurance operations.The City has contracted with two outside vendors
to provide the following services:
➢ The Employee Benefits Consultant assists in developing the benefits plan and provider
network as well as monitoring plan utilization; and
➢ The Third-Party Administrator processes health insurance claims including receipt and
adjudication.'
The City of Denton accounts for its health insurance plan contributions and claim payments in a
separate Health Insurance Fund.6 Figure 2 illustrates the associated revenues and expenses.
Figure 2: Health Insurance Contributions & Payments Summary
$30,000,000
$25,000,000
$20,000,000
$15,000,000
$10,000,000
$5,000,000
$0
FY15-16 FY16-17 FY17-18 FY18-19 FY19-20
iiiiiiiiiiiiiiim Employee Contributions iiiiiiiiiiiiiiim City Contributions Health Insurance Payments a)
W
M
a
3 A Self-Funded Health Insurance Plan is different than a Traditional Health Insurance Plan,in which the City would pay a Health Insurance
provider administration fees and premiums to manage all aspects of the health insurance operations.
4 The Health Insurance Third-Party Administrator is not responsible for processing workers'compensation claims.
s Health insurance claim adjudication encompasses determining how a benefits plan applies to a claim.
6 The Health Insurance Fund also accounts for dental,vision,and disability coverage contributions and payments as well as the costs to operate
a City health clinic.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
This audit generally evaluated all parts of the City's health insurance operations including benefits
plan management, participant enrollment, ' and claims administration. The City also operates a
health clinic for its employees; however, clinic operations were not evaluated as part of this audit.
Medical Benefits Plans are Appropriately Monitoried for Compliance & Utilization
As a self-funded health insurance provider,the City is responsible for developing and managing its
own health insurance plan including:
➢ Deciding what benefits employees will receive;
➢ Establishing a health care provider network;
➢ Monitoring plan utilization and projecting funding needs; and
➢ Ensuring compliance with applicable regulations.
What We Found
• The City has contracted with McGriff, Seibels & Williams, Inc. (McGriff) to assist its Risk
Management staff in these efforts as an Employee Benefits Consultant.
o McGriff generally appears to be complying with its contract conditions and is
adequately assisting with the administration of the City's benefits plans.
• McGriff assists the City in creating and administering its health insurance plans and contracting
with health care providers and Third-Party Administrators as needed.
• McGriff periodically provides claims analysis reports to the City which cover the City's benefits
plans'expenses, plan and network utilization,claim trends,and other information enabling City
staff to effectively manage and report on health insurance claims.
• Monthly, the City holds Employee Insurance Committee meetings to review claim payments
and plan and network utilization. McGriff representatives attend the meetings to provide
advice on current issues, if needed.
• The City manages compliance with health insurance benefits related rules and regulations with
McGriff's assistance.
o McGriff tracks the City's compliance with ERISA, COBRA, HIPAA, the Affordable Care
Act, and other applicable rules and regulations and provides regular compliance
deadline updates, City-specific compliance checklists, and legal disclosure guides to
the City staff for proper compliance.
Why It Matters
As a self-funded health insurance provider, the City has a fiduciary duty to its employees and
residents to ensure it is appropriately monitoring plan utilization and compliance. The City has
established effective monitoring procedures to ensure its health insurance plan is adequately
utilized. In addition, information and guides provided by McGriff provide further assurance that
7 Enrolled City employees and their dependents are considered participants.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
the City is complying with all applicable regulations— including its fiduciary duty. These processes
help the City lower costs and avoid potential non-compliance penalties.
Recommendation: None
Plan Enrollment is Adequately Managed; Dependent Monitoring Could Lower Costs
The City is required to pay its Third-Party Administrator an administration fee for each participant
enrolled in its health insurance plans. Similar to other organizations, the City offers health
insurance coverage to its employees and their dependents; the City considers the following
individuals dependents:
• An employee's legal spouse • An employee's natural child, stepchild, or adopted child
• An employee's common law spouse • A child under the employee's legal guardianship
The City offers its employees and their dependents Gold and Silver health insurance plans, which
have differing levels of coverage. Employees may choose either plan or may elect to not enroll in a
City health insurance plan.At the end of fiscal year 2019-20 the City had a total of 1,326 employees
enrolled with an additional 2,207 dependents as illustrated in Figure 3.
Figure 3: City Health Insurance Plans Enrollment (FY19-20 Year End)
900
800
700
v) 600
500 ■Employees
72
400 ■Spouses
300 Children
200
100
0
Gold Plan Silver Plan
What We Found
• Weekly, the City's benefits system automatically communicates plan enrollment changes to
the Third-Party Administrator.
o Enrollment is verified monthly as part of the Third-Party Administrator's administration
fee invoicing. Based on a review of three sample invoices paid during the past three
fiscal years, all bills were accurately paid based on the contracted price per enrollee
and the number of enrollees per health insurance plan as of the billing date.
• The City requires new and existing employees to submit dependent eligibility documentation
when new dependents are added to their health insurance plan. In order to verify eligibility, an 00
employee must complete a Dependent Verification Form and submit certain legal documents a,
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
that support the relationship between the employee and dependent. These documents
typically include the following:
o Marriage certificate;
o Birth certificate; and
o Court document that establishes the relationship between the employee, or their
spouse, and the child.
• Prior to fiscal year 2019-20,there was no process to verify new dependents' eligibility. During
2019, the City hired an outside consultant to conduct a dependent eligibility audit. This audit
found that about 98 percent of the City's dependents were eligible for coverage as shown in
Table 1.
Table 1: Dependent Audit Results (Oct. 2019)
Audit Status Dependents Percentage
Passed 2,299 97.9%
No Response 26 1.1%
Incomplete 18 0.8%
Ineligible 5 0.2%
Total: 2,348 100.0%
o Of the 49 employees who did not pass the 2019 Dependent Eligibility Audit, 17 were
still covered by the City's health insurance at the end of fiscal year 2019-20. Based on
discussions with Risk Management staff, two of these dependents had not been
adequately verified since completion of the audit. These two dependents have since
been adequately verified and remain covered by the City's health insurance plans.
• Based on a statistical sample of employees whose coverage began after Oct. 2019 and before
Oct. 2020, about 96 percent of dependents' eligibility was verified as per the City's
requirements.These sample results are shown in Table 2.
Table 2: Dependent Verification Sample Results (FY19-20 Year End)
Verification Method No.of Dependents Percentage
Dependent Audit 42 53.85%
Submitted Documentation 33 42.31%
Process Exception$ 2 2.56%
Not Verified 1 1.28%
Total: 78 100.00%
o Only one dependent reviewed as part of the sample was not verified prior to
enrollment. This dependent was enrolled in coverage after the 2019 Dependent
Eligibility Audit began, but before the new dependent eligibility verification process
was implemented. Based on a review of current dependent coverage dates,there may
be about 20 additional dependents who were not verified when their coverage was a,
initiated. ro
n0
Cl-
These dependents were not enrolled per the City's stated eligibility verification process;however,both appeared to be eligible upon review.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
• The City's benefits system automatically removes dependent children who age out of coverage
from the City's health insurance.
o Of a judgement sample of 47 dependents who aged out of the City's health insurance
plan between Oct. 2019 and Oct. 2020, all were appropriately removed.
o Other than this automatic removal process, there is no process to periodically verify
that dependents are still eligible for coverage, which increases the risk that
dependents such as spouses and stepchildren may remain covered inappropriately.
• For the plan year 2021 open enrollment process, employees are required to attest that their
enrolled dependents are eligible per the City's requirements.This practice should help remind
employees of their responsibility to remove ineligible dependents.
Why It Matters
The number of participants enrolled in a health insurance plan is the most critical cost driver. For
that reason, it is critical to ensure that the Third-Party Administrator receives accurate enrollment
information and that any changes are promptly communicated. The City has established adequate
processes to communicate and confirm enrollment changes with the Third-Party Administrator.
Similarly, ensuring that only eligible dependents are enrolled demonstrates that the City meets its
fiduciary duty and ultimately reduces costs to City employees and Denton residents. While
performing this verification before enrollment decreases this risk, periodically verifying that
dependents remain eligible would provide further assurance that these savings are realized.
Recommendation:
1. Develop and formalize a process for periodically identifying and removing ineligible
dependents who are not removed by employees in a timely manner. It may be appropriate to
focus these monitoring efforts on spouses and stepchildren who are at a higher risk of
becoming ineligible than other dependents.
Risk Management Comments: The Risk Management department concurs. Because the City
relies on the employee to notify when a change in familial status occurs annually within six
months of the close of open enrollment, a report will be run to identify dependents who are on
the Plan. A sample of the dependents will be identified, and dependents' eligibility will be
verified through a review of eligibility documents previously provided and by contacting the
employee to verify that the dependent is still eligible to be on the Plan.
Claim Administration Controls Appear Adequate but Should be Regularly Reviewed
The City has entered into a contract with United Healthcare to act as a Third-Party Administrator
for its health insurance plans. As Third-Party Administrator, United Healthcare is responsible for
the claims administration process, which is outlined in Figure 4:
O
v
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Figure 4: Claim Administration Process
Receive • ValidateAdjudicate Claims By Payment to Health
Claims Calculating Care Provider
Reimbursement Amount
Annually, this process is evaluated by an independent public accounting firm in accordance with
the American Institute of Certified Public Accountants Statement on Standards for Attestation
Engagements No. 18. The results of this evaluation are communicated in a Service Organization
Control (SOC) Report, which describes the reviewed process, reports on any material control
weaknesses,and recommends controls that user entities should employ in their own organizations.
What We Found
• The City does not conduct any independent review of adjudicated claims to verify that the
Third-Party Provider is implementing the City's health insurance plans as intended. Based on
discussions with Risk Management staff,this is due to concerns that such review would violate
the Health Insurance Portability and Accountability Act (HIPAA).
• United Healthcare is required to provide the most recent SOC report to the City upon request
by contract; however, the City does not have a process to regularly obtain and review this
report.
• The 2019 SOC Report found that United Healthcare's claims administration process controls
were suitably designed to provide reasonable assurance if complementary user controls were
operating effectively.
o Based on a review of the controls described within the 2019 SOC Report, there do not
appear to be any control weaknesses that should concern the City.
• The 2019 SOC Report recommends several complementary controls that a user entity —such
as the City—should implement.These controls are outlined in Table 3.The City should ensure
these controls are implemented to most effectively use United Healthcare's services.
o In general, the City appears to have adequately implemented City processes that align
with the recommended controls; however, improvement is needed in two processes9
to adequately address associated risks.
v
9 The claim payment funding authorization process is addressed in the next section.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Table 3: Complementary City Process Assessment
Recommended Control Assessment Result10
The user's customer benefit plan is complete,authorized, Adequate
and furnished to United Healthcare promptly.
Enrollment files are complete, accurate,and timely when Adequate
submitted.
Only authorized users have access to the United Improvement Needed
Healthcare information available on the eServices Portal.
Available claim payment funds are authorized. Improvement Needed
Claim charges are funded completely and timely. Adequate
User reconciles monthly invoices using the number of Adequate
enrollees and contracted rates.
Relevant financial performance reports are obtained and Adequate
used appropriately.
User completes any needed actuarial analysis. Not Reviewed"
• Specifically,the City does not have a process to periodically review user access to the eServices
Portal. While access is generally managed by Risk Management staff, periodically requesting a
user report from United Healthcare would provide further assurance that only authorized users
have access to sensitive health insurance information.
o In response to the audit, Risk Management reviewed user access to the eServices
Portal and removed three individuals' access.
Why It Matters
Due to HIPAA regulations, the City is unable to perform its own review of adjudicated claims. Still,
conducting an outside review could help identify any health insurance plan implementation errors
and provide further assurance that claim administration controls are effective—potentially saving
money in future years.
Similarly, regular review of controls implemented by the Third-Party Administrator for its claim
administration activities is essential for quickly identifying any material control weaknesses or
exceptions that could increase the risk of errors or irregularities when adjudicating claims.
Additionally,the Third-Party Administrator's controls,as assessed in the SOC Report,are developed
based on the assumption that the recommended complementary controls are functioning in the
user entity. Establishing a procedure to regularly review and report on the claims administration
controls—including the City's complementary controls—would increase assurance that claims are
processed efficiently and further demonstrate the City's commitment to fulfilling its fiduciary duty.
Finally, periodically reviewing user access to the City's eServices Internet Portal provides increased
assurance that unauthorized users do not have access to sensitive health insurance claim
information. N
a�
a
10 Assessment results are generally detailed in other sections of this report.
11 According to Risk Management staff,the City's Employee Benefits Consultant conducts actuarial analysis as needed;however,this analysis
was not examined as part of this audit.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Recommendations:
2. Periodically conduct a review of adjudicated health insurance claims to verify plan
implementation and identify claim processing errors. Best practices suggest that the period
between Third-Party Administrator audits be based on previous audit results and changes to
the benefits plan design. In addition, performance guarantees could be verified as part of this
process.
Risk Management Comments: The Risk Management department concurs with this
recommendation. In response to this recommendation, the Risk and Compliance Manager has
requested price quotes for an external claims audit. When quotes are received, a determination
will be made regarding funds availability in this year's budget.
3. Develop a process to report to City Management any control weaknesses identified in the
Third-Party Administrator's Service Organization Control Report. If weaknesses are identified,
City Management should develop a plan to appropriately address these weaknesses.
Risk Management Comments: The Risk Management department concurs with this
recommendation. The department obtained the current report during the audit process and
requested that moving forward, McGriff provide the report on an annual basis as part of our
Plan mid-year review.At the mid-year review, the report will be reviewed, and we will work with
McGriff and the TPA to address any areas of concern.Should any areas of concern be identified,
the Risk and Compliance Manager will notify City leadership about the concerns and the
processes put in place to address the concerns on an ongoing basis.
4. Annually verify that the City has adequate complementary user organization controls based on
the Third-Party Administrator's Service Organization Control Report.
Risk Management Comments: The Risk Management department concurs with this
recommendation. Based on the SOC report received and reviewed at our Plan mid-year review
as described above, the department will review and work with McGriff and the TPA to put in
place any additional complementary controls needed to address any concerns.
5. Periodically request the Third-Party Administrator provide a list of individuals who have access
to the City's eServices Internet Portal and verify that only authorized individuals are included.
Risk Management Comments: The Risk Management department concurs with this
recommendation. The Benefits Supervisor will request a user report from the TPA at the end of
each Plan Year and when an employee begins work with the Benefits Team (on a temporary or
permanent basis) to ensure only authorized individuals are permitted access to the employer
services portal. Additionally, when any team member departs the Benefits Team, the Benefits
Supervisor will ensure the team member's access is removed on or before their last day with the
team.
m
v
to
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Claims Funding Process Should be Clarified
As a self-funded insurer, the City is solely responsible for paying all health insurance costs for its
participants.Overthe past three fiscal years,the City has paid approximately$65.3 million in health
insurance claims,or about$85,000 in claims a day. Figure 5 generally outlines the claim submission
and payment process.
Figure 5: Health Insurance Claim Payment Process
Provider
Selects Health •Pays claim per
Care Provider *Submits City's Health *Reimburses
and receives insurance claim Insurance Plans Third-Party
service for provided Admin. for
Participant servicesThird-Party Claim
Administrator
What We Found
• The City has setup an escrow account from which the Third-Party Administrator is able to
reimburse themselves for each day's health insurance claims. Notification of these withdrawals
are sent to Risk Management staff each business day.
o The City's bank automatically refunds this account each day to ensure that a balance
of$206,000 is maintained.
o Any withdrawals greater than $700,000 must be approved by the Treasury Manager
prior to transfer.
• Each week, Risk Management staff prepare an Outgoing ACH Confirmation Form, which
includes a copy of each withdrawal notification and that week's Paid Claims Report. Based on
a judgement sample, an average of about $421,000 was authorized each week over the past
twelve months via this process.
o Based on a review of documentation, health insurance claim funding has been
authorized inconsistently over the past twelve months. In particular, a sample of
twelve reconciliations were always approved by the Risk & Compliance Manager;
however, only five reconciliations were approved by the Finance Director and one
additional reconciliation was approved by an Asst. Finance Director.
o Risk Management has created a Standard Operating Procedure to guide staff in
preparing the ACH Confirmation Form; however, this document does not include Tzt
information about Finance's role in the process. Similarly,there does not appear to be
written guidance on who should authorize health insurance claim funding; however,
the City generally requires the following authorizations for outside funding transfers: 0-
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Table 4:Transfer Authorization Thresholds
Employee Role Min.Amount
Supervisor $0
Dept. Director $5,000
Asst. Finance Director $50,000
Finance Director $100,000
• Accounting staff records the daily withdrawals weekly in the City's Health Insurance Fund
based on this reconciliation process.
Why It Matters
Documented policies and procedures help an organization retain institutional knowledge, navigate
emergency situations, and facilitate consistency. This is particularly important when a process
involves multiple departments and has a relatively high volume of transactions. The City has
developed a claim funding reconciliation process that ensures the following:
➢ Adequate funds for claim payments are available when needed; and
➢ Claim payments are recorded in the City's ledger promptly.
Steps involved in this process have been documented to some extent; however, it does not include
information about Finance's role in the process, which has made it difficult for Risk Management
and Finance staff to understand each others' responsibilities. Likewise, it is unclear at what level of
the organization health insurance claims funding should be authorized. Updating this
documentation would facilitate clear understanding and potentially increase efficiency.
Recommendation:
6. Clarify the weekly health insurance claim funding reconciliation process in consultation with
the Finance Department. This documentation should clearly identify roles and responsibilities
in the process as well as clarify funding authority levels.
Risk Management Comments: The Risk Management department concurs with this
recommendation. The Benefits Team has the claims funding reconciliation process documented
up to the point where the process transitions to the Finance department. The Benefits
Supervisor and Benefits and HRIS Specialist will work with Finance to document the full process
in one complete document.
Periodic Verification of the TPA's Performance Would Increase Assurance
United Healthcare is obligated to maintain certain performance standards as agreed upon in its
contract. Best practices on monitoring a Third-Party Administrator's performance recommend
requiring and monitoring performance guarantees.
What We Found
Ll)
• The City's contract with United Healthcare—the Third-Party Administrator—generally contains
provisions that align with best practices including: stated performance guarantees, a right to
M
0-
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
audit clause, record retention requirements, access to data,and access to Service Organization
Control Reports and other information to administer the plan.
• The City does not have a procedure to obtain and review United Healthcare's annual
Performance Guarantee reports.
o While the City's Employee Benefits Consultant does annually review the Performance
Guarantee reports, there was no documentation indicating that the Consultant
provides these Reports or a summary of the results to the City.
• United Healthcare appears to be 100 percent compliant with claims administration
performance guarantees, as shown in Table 5. In addition, performance guarantees for
customer service and satisfaction were fully achieved for the 2018 and 2019 plan years.
o It should be noted that Performance Guarantee Results are self reported by United
Healthcare and are not verified by the City or the Employee Benefits Consultant.
Without an independent verification process, there is risk that performance
guarantees are reported inaccurately.
Table 5: United Healthcare's Performance Guarantee Results (2018 & 2019)
Performance Standard Guaranteed Actual Percentage
Percentage 2018 2019
Claims Processed within 10 Business Days 94% 98.80% 98.80%
Dollar Accuracy 99% 99.89% 99.92%
Procedural Accuracy 97% 99.84% 99.77%
• The Performance Guarantee Report also reconciles the administration fees and stop loss
premiuMS12 earned by the Third-Party Administrator to those paid by the City. During this
reconciliation process, United Healthcare also calculates performance guarantee
noncompliance penalties, prescription discount and rebate credits, and stop loss insurance
adjustments.
o During the past three plan years United Healthcare reported that they owed the City
$35,276 and $72,705 for prescription discount rate guarantees for 2017 and 2019
respectively. These amounts were appropriately credited to the City as part of the
administrative fee payment process.
Why It Matters
The City has appropriately established performance standards that its Third-Party Administrator
must meet along with corresponding penalties for noncompliance. Despite United Healthcare
producing annual performance reports, Risk Management staff does not appear to be reviewing
these reports to verify compliance.
Regular monitoring of the Third-Party Administrator's performance guarantees would assure the
City that it duly achieves performance standards for claims administration as agreed and would
allow for timely follow up of performance guarantee penalty payments. In addition, an Q
12 The City separately has contracted with United Healthcare to provide Stop Loss insurance for the City's self-funded health insurance plan.
Stop Loss insurance protects against catastrophic or unpredictable losses.
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
independent review, as described in Recommendation 2, would also provide an opportunity to
verify that Performance Guarantees are being met as reported.
Recommendation:
7. Implement monitoring procedures for performance guarantees. The City staff should also
ensure that United Healthcare duly pays the penalties for non-performance, if any, relating to
claims processing and other agreed performance guarantees.
Risk Management Comments: The Risk Management department concurs with this
recommendation. The Risk Management department will request that McGriff provide the
Performance Guarantee report annually as part of our Plan year-end review. Upon review of
the report, we will work with McGriff and the TPA to address any concerns.
rl
v
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
Appendix A: Management Response Summary
The following summarizes the recommendations issued throughout this report. The auditors found that
staff and the Department were receptive and willing to make improvements to controls where needed.
Management has provided their response to each recommendation.
Develop and formalize a process for periodically identifying Expected
1 and removing ineligible dependents who are not removed by Concur Completion:
employees in a timely manner. Q4 2021
Comments:The Risk Management department concurs. Because the City relies on the Responsibility:
employee to notify when a change in familial status occurs annually within six months Benefits &
of the close of open enrollment, a report will be run to identify dependents who are HRIS
on the Plan. A sample of the dependents will be identified, and dependents' eligibility Spec/Benefits
will be verified through a review of eligibility documents previously provided and by Supervisor
contacting the employee to verify that the dependent is still eligible to be on the Plan.
Periodically conduct a review of adjudicated health insurance Expected
2 claims to verify plan implementation and identify claim Concur Completion:
processing errors. Q3 2021
Comments:The Risk Management department concurs with this recommendation. In Responsibility:
response to this recommendation,the Risk and Compliance Manager has requested Risk&
price quotes for an external claims audit. When quotes are received, a determination Compliance
will be made regarding funds availability in this year's budget. Mgr
Develop a process to report to City Management any control Expected
3 weaknesses identified in the Third-Party Administrator's Concur Completion:
Service Organization Control Report. Q4 2021
Comments:The Risk Management department concurs with this recommendation. Responsibility:
The department obtained the current report during the audit process and requested Benefits
that moving forward, McGriff provide the report on an annual basis as part of our Plan Supervisor/Risk
mid-year review.At the mid-year review, the report will be reviewed, and we will work & Compliance
with McGriff and the TPA to address any areas of concern. Should any areas of concern Mgr
be identified, the Risk and Compliance Manager will notify City leadership about the
concerns and the processes put in place to address the concerns on an ongoing basis.
Annually verify that the City has adequate complementary Expected
4 user organization controls based on the Third-Party Concur Completion:
Administrator's Service Organization Control Report. Q4 2021
Comments:The Risk Management department concurs with this recommendation. Responsibility:
Based on the SOC report received and reviewed at our Plan mid-year review as Benefits
described above,the department will review and work with McGriff and the TPA to Supervisor/Risk
put in place any additional complementary controls needed to address any concerns. & Compliance
Mgr
Periodically request the Third-Party Administrator provide a Expected
list of individuals who have access to the City's eServices Completion:
5 Internet Portal and verify that only authorized individuals are Concur January 2021
included.
Comments:The Risk Management department concurs with this recommendation. Responsibility: pQ
The Benefits Supervisor will request a user report from the TPA at the end of each Plan Benefits =1
v
Year and when an employee begins work with the Benefits Team (on a temporary or Supervisor
The City of Denton Internal Audit Report November 2020
Audit of Health Insurance Operations Process
permanent basis)to ensure only authorized individuals are permitted access to the
employer services portal. Additionally, when any team member departs the Benefits
Team,the Benefits Supervisor will ensure the team member's access is removed on or
before their last day with the team.
Clarify the weekly health insurance claim funding Expected
6 reconciliation process in consultation with the Finance Concur Completion:
Department. Q2 2021
Comments:The Risk Management department concurs with this recommendation. Responsibility:
The Benefits Team has the claims funding reconciliation process documented up to the Benefits&
point where the process transitions to the Finance department.The Benefits HRIS Specialist,
Supervisor and Benefits and HRIS Specialist will work with Finance to document the full Benefits Sup,
process in one complete document. and Finance
Implement monitoring procedures for performance Expected
7 Concur Completion:
guarantees. Q2 2021
Comments:The Risk Management department concurs with this recommendation. Responsibility:
The Risk Management department will request that McGriff provide the Performance Benefits
Guarantee report annually as part of our Plan year-end review. Upon review of the Sup/Risk&
report,we will work with McGriff and the TPA to address any concerns. Compliance
Mgr
Ol
rl
v
nA