North Carolina’s Medicaid Control Environment, Risk Management Practices, and Governing Processes Were Assessed as Moderate Risk

Why OIG Did This Audit

• The OIG has identified improving outcomes in Medicaid as a top management and performance challenge facing the Department of HHS.
• States’ management of Medicaid impacts the ability of HHS to effectively manage risk.
• The OIG has previously conducted numerous audits of the North Carolina Medicaid program and reported significant findings in several areas.
• Using an enterprise risk management approach, we assessed North Carolina’s control environment, risk management practices, and processes governing its Medicaid program.

What OIG Found

We assessed the risk associated with North Carolina’s control environment, risk management practices, and processes governing its Medicaid program as moderate. We found that North Carolina designed and implemented numerous internal controls and risk management practices to administer its Medicaid program. However, for the six risk areas we assessed, we rated three as moderate risk and three as high risk. For the 25 sub-risk areas we assessed, we rated 2 as low risk, 15 as moderate risk, 8 as high risk, and 0 as critical risk.

What OIG Recommends

We recommend that North Carolina develop mitigating controls and strategies to lower risk within the high- and moderate-rated risk areas we identified. We also identified 22 best practices for North Carolina’s consideration in taking actions to mitigate risk within high and moderate risk areas.

North Carolina generally agreed with our recommendation and described actions it plans to take in response to the recommendation.