On April 25, 2024, CMS released a major update to its audit protocols, confirming that all Medicare Advantage (MA) plans will now face annual audits focused on fraud, waste, abuse (FWA), and overpayments.
April 2024
“CMS will now conduct Risk Adjustment Data Validation (RADV) audits on an annual basis to ensure accuracy in payments and compliance with program integrity rules.”
CMS is scaling audit enforcement with tech
This isn’t just a policy update, it’s an operational overhaul. CMS isn’t increasing audits on paper alone; it’s scaling its entire audit infrastructure, using technology to expand its reach and precision:
- CMS plans to increase the number of Medicare Advantage (MA) plan audits from ~60 per year to over 550, covering nearly every eligible contract.
- The number of records reviewed per plan will rise from 35 to up to 200, depending on plan size.
- To support this, CMS is expanding its team of medical coders from 40 to 2,000 by September 1, who will manually verify flagged diagnoses.
- CMS will also coordinate with the HHS Office of Inspector General to actively pursue recovery of overpayments from prior audits.
This is a powerful shift, from sampling and spot checks to full-spectrum oversight. This isn’t a temporary enforcement spike, it’s a shift in how CMS expects plans to operate.
This is no longer a matter of if an audit will happen, it’s when. The message is loud and clear: oversight is no longer episodic; it’s continuous.
For payers, this means audit readiness is no longer a compliance team’s seasonal task, it’s a full-time enterprise priority. Your systems, data, documentation, and controls must be aligned and defensible year-round.
Three intertwined factors drive CMS’s decision:
- Escalating payment errors and growing FWA concerns: Improper payment rates in Medicare Advantage are estimated to be above 9%, translating to billions in recoveries and disputes annually. CMS is under pressure to plug these leaks. #Datacheck: In FY 2024, the CMS reported that the Medicare Advantage (Part C) program had an estimated improper payment rate of 5.61%, amounting to approximately $19.07 billion in improper payments.
- Systemic data inconsistencies and lagging modernization: Many health plans still rely on siloed, legacy systems that lack traceability, audit trails, and standardized validations, making it hard to detect, report, or correct errors in time.
- A broader push for payer accountability: With growing scrutiny from GAO, OIG, and Congress, CMS is now shifting from reactive enforcement to proactive oversight.
Why this isn’t bad news, it’s a catalyst for transformation
While it may feel like pressure, this change is an opportunity to:
- Clean up internal processes
- Establish trust-based partnerships with CMS and regulators
- Build member confidence through transparency
- Streamline administrative costs through automation and standardization
Here’s the mindset shift payers must adopt: Annual audits are not a compliance burden; they’re a governance benchmar
Where to begin: A practical roadmap to year-round audit readiness
So, where do you start when audits are no longer a one-time event but a constant expectation?
It doesn’t have to be overwhelming. Here’s how to break it down:
- Get your internal controls in shape: Start by mapping where the risks are, claims processing, payment accuracy, vendor contracts, and delegated entities. Anywhere there’s manual handling or policy interpretation, there’s room for error. Set up automated checks and alerts to catch issues early. And make sure your internal policies actually reflect what CMS expects today, not five years ago.
- Ditch the spreadsheets and manual logs: Spreadsheets can’t scale. Especially not when you’re managing complex audits or large delegated networks. You need tools that help you generate CMS universes automatically, scrub the data for accuracy, track audit findings, and manage corrective actions, all in one place. It saves time, reduces errors, and keeps your team from scrambling when the audit letter lands. It’s time to modernize.
- #DataCheck: In its 2024 announcement of enhanced Medicare Advantage audit strategies, CMS clearly reinforced the need for robust, automated audit tracking systems that support accurate billing and timely reporting.
- Treat your data like a compliance asset, not an afterthought: Clean, consistent, and audit-ready data isn’t a luxury anymore; it’s a necessity. Start putting systems in place that validate your data at the source, flag formatting issues, and create a single source of truth across teams. If CMS finds inconsistencies before you do, it’s already too late.
- #DataCheck: A recent OIG audit of 12 MA plans found that about 40% of encounter data had errors or inconsistencies impacting payment accuracy.
- Let AI do the heavy lifting: Use GenAI and automation to make your teams smarter and faster. From summarizing new CMS guidance and pulling out key impacts to helping fill in audit templates or identify policy mismatches, AI can take on a lot of the grunt work. Free up your people for higher-value work like issue resolution and trend analysis.
- #DataCheck: AI-powered automation tools have reduced audit processing time by up to 30% in payer pilots, according to a 2023 McKinsey report.
- Don’t forget your vendors and delegated entities: Some of your biggest audit risks come from outside your four walls. Make sure you’re actively monitoring performance, compliance status, and data accuracy across your partners. And yes, you need more than quarterly check-ins and PDFs, they’re not going to cut it anymore.
- #DataCheck: A 2023 CMS Program Audit Trends Report found that over 55% of compliance issues originated from third-party vendors or delegated entities.
Zooming out: This isn’t just a compliance problem, it’s an enterprise imperative
Let’s be clear: this new audit cadence may begin in compliance, but its ripple effects go far beyond.
- Operations will need to revisit workflows and reduce rework from failed audits.
- IT must break down data silos and ensure system interoperability across platforms.
- Finance will face pressure to quantify the cost of overpayments and recovery disputes, and fund the tools needed to fix them.
This is the moment for payers to adopt an enterprise-wide approach to audit readiness. Not another band-aid, not another department-level workaround. But a strategic reset, powered by unified systems, clean data, and shared accountability.
That requires a platform mindset, not just tools for compliance, but a foundation that aligns technology, processes, and people across the enterprise.
And the good news is, payers don’t need to build this from scratch. Inovaare has spent years engineering an audit-first, compliance-smart Health Cloud Platform, built with CMS expectations in mind.
RADV Audit today, Program Audit tomorrow, payers just need to be data-ready
CMS’ new directive isn’t a passing storm, it’s the new climate. Whether the trigger is RADV, a program audit, or an OIG investigation, plans that resist or delay modernization will be buried in corrective actions, reputational damage, and recoveries.
But those that invest now in automation, data quality, internal alignment, and AI augmentation will be the ones trusted to lead.
“We believe compliance shouldn’t be an afterthought or a last-minute scramble. It should be continuous, supported by tools that make reporting, tracking, and oversight part of the daily workflow, not a separate project. That’s how we help plans stay ready, not just react.”
Chief Compliance Officer, Inovaare
Connect with our experts to start building year-round audit readiness, before CMS calls.