Lead Auditor — IDR Entity Audit (CMS)

About The Position

Requirements

• Minimum of seven (7) years of relevant work experience managing performance audits or programs involving enrollment data, as well as the audit of financial information and payments.
• Current CFE (Certified Fraud Examiner) and/or CPA (Certified Public Accountant) credential — mandatory.
• Demonstrated experience reviewing the work of junior auditors and leading multi-member audit teams.
• Working knowledge of GAAP, Government Auditing Standards (Yellow Book), and Federal regulatory frameworks applicable to healthcare audits.
• Strong written communication skills, including the ability to author and review audit findings, workpapers, recommendations, and corrective action narratives suitable for publication on the CMS No Surprises Act website.
• Bachelor’s degree in accounting, finance, healthcare administration, or a related field; advanced degree preferred.
• Availability and commitment to serve in the Key Personnel role for the full period of performance; a signed letter of commitment will be required at proposal submission for any candidate not already employed by the prime contractor or a proposed subcontractor.
• Ability to obtain and maintain any required CMS security and privacy clearances and to complete CMS-required training.

Nice To Haves

• Experience managing data and program integrity-related projects or programs.
• Prior healthcare audit, compliance, or program integrity experience with CMS, HHS, other Federal or State agencies, payers, providers, facilities, or arbitration/dispute resolution programs.
• Familiarity with the Federal IDR process, certified IDR entity operations, and the interplay between Federal requirements and specified State laws or All-Payer Model Agreements.
• Additional credentials such as CIA (Certified Internal Auditor), CISA, CHC (Certified in Healthcare Compliance), or AHFI (Accredited Health Care Fraud Investigator).
• Experience designing statistically representative sampling plans for audits of variable-volume case populations.

Responsibilities

• Ensure audits are performed in a consistent, impartial, and objective manner across all certified IDR entities.
• Supervise project audit teams, including assignment of work, mentoring, and review of junior auditors’ output.
• Manage and execute completion of assigned tasks within established timelines for standard and expedited audits.
• Provide quality control over audit workpapers, evidence, findings, and recommendations to ensure each audit is well-documented and defensible.
• Review the project team’s audit work, including documentation supporting eligibility and payment determination findings, and the rationale documented in draft audit reports.
• Provide technical assistance to CMS and project staff on audit methodology, including statistically representative sampling design, treatment of single vs. batched disputes, handling of reopened determinations, and assessment of clerical, procedural, or jurisdictional errors.
• Review audit reports and other deliverables and interact with the client on program and technical issues, including the Audit Strategy, individual audit reports, and the Preliminary and Final Annual Audit Reports.
• Apply knowledge of Generally Accepted Accounting Principles (GAAP), Government Auditing Standards (GAS), and applicable Federal regulations — including guidelines, standards, and concepts — and other relevant industry practices to each engagement.
• Assess certified IDR entity compliance with eligibility determination requirements (including batching, State All-Payer Model Agreements, and specified State law applicability), payment determination procedures, recordkeeping, and reporting timeframes.
• Identify recurring issues, emerging trends, and “red flags” for escalation; support calculation of financial impact (e.g., collected but unremitted administrative fees) where applicable.
• Safeguard sensitive healthcare information and ensure audit execution complies with the No Surprises Act, 45 CFR 149.510, and all contract security and privacy requirements.