Staff Series – R4 M1: Internal Controls and Your Role in Them
RCM FOUNDATION SERIES · ROUND 4
Module 1 of 3

Internal Controls and Your Role in Them

Round 4 — Module 1 · Protecting the practice and yourself
Your name will appear on your certificate when you complete this round.
Round 4 Progress
1
Internal Controls
2
Technology & Rework
3
Payment Model Changes

What Internal Controls Actually Are

Internal controls are simply the checks built into a process so that one person's mistake — or one person's bad intent — can't go unnoticed. They're not about distrust. They're about making sure money and patient information move through the practice safely, every time, regardless of who's working that day.

Controls You Interact With

Separation of Duties

The person who posts a payment usually isn't the same person who processes a refund on that same account. This isn't a comment on trustworthiness — it's a safeguard that protects everyone, including the person doing the work.

Reconciliation

Regularly matching what was collected against what was deposited, and what was posted against what the system shows. Small mismatches caught early are easy to explain. Mismatches caught months later are not.

Access Limits

Not everyone needs access to every function — refunds, adjustments, and account write-offs are often restricted to specific roles. This limits how far an error, or a bad decision, can travel.

Why This Protects You, Not Just the Practice

Good controls mean no one person carries all the risk. If a mistake happens inside a well-controlled process, it's caught by the process itself — not blamed on one individual after the fact.

Where Controls Get Skipped

Common shortcuts to avoid: processing a refund on an account you also manage day-to-day without a second signoff, skipping reconciliation when things get busy, and sharing login credentials so someone can "just fix something quickly." Each of these removes the safeguard the control was built to provide.

Check Your Understanding

1. What is the purpose of separation of duties?
Correct. Separation of duties keeps any single action from going unchecked.
Not quite. The goal is to make sure no single person's action goes unchecked.
2. Why does reconciliation matter?
Correct. Catching mismatches early keeps them small and explainable.
Not quite. Reconciliation matters because early mismatches are far easier to resolve than old ones.
3. Why shouldn't login credentials be shared, even to help someone quickly?
Correct. Sharing credentials bypasses the access limits designed to protect everyone.
Not quite. Sharing credentials undoes the protection that access limits are meant to provide, regardless of trust.

Nice work — continue to Module 2.

Continue to Module 2