How a fast-growing collection agency with 800+ employees restructures their vendor audits and risk management for better complianceCompliance Management


A renowned collection agency with 800+ employees specializing in healthcare receivables and account resolution in the US partnered with Provana to improve vendor oversight, risk management, and internal compliance by switching from a manual environment to a fully managed and automated solution.


Working in the healthcare services industry where regulatory requirements and urgency are of utmost importance, the collection agency had a tough time manually managing vendor onboarding and ongoing annual audits. 

Prior to using Provana’s audit and compliance services, managing vendor oversight and risks was administratively intense. The agency used Excel and spreadsheets to keep track of vendor audit questionnaires and shared drives for audit evidence. Whether for due diligence and risk assessments to onboard a new vendor or scheduled annual audits for the existing vendors, they would need a lot of following up over emails with the vendors to get the required documents and feedback on the questionnaires. They struggled to make their audit procedures efficient without a centralized system to house all the documents they would need to submit for different compliance certifications like PCI-DSS, High Trust, Data security requirements from State regulatory bodies, and SOC 2. They also needed to streamline their policies and processes to be ready for due diligence from a business prospect, risk assessment at the time of new business placement, and ongoing client audits.

The agency was using a learning management system (LMS) which was limited in many ways. They could only upload content in PowerPoint, and updating just a particular document section at any given time was not possible. They would need to update the whole document. The system was not interactive and did not provide training analytics to measure the training results. There needed to be more than the basic reporting capabilities to create different reports for various stakeholders.

They were looking for a fully managed and automated compliance solution to address their vendor management audit program, audit policy and procedure management, vendor oversight, non-conformities, training management, and seamless reporting across the organization.


Provana’s fully managed Audit and Compliance services and IPACS, the automated compliance solution, helps the collection agency unify all the documents and questionnaires in one place, monitor and administer the risk assessments and vendor audits, breaking down silos across the organization and vendor network.

Leveraging Provana’s years of expertise in audit and compliance services, the agency can identify, assess, and address the risks and knowledge gaps in their existing vendor audit processes. Provana has recategorized their vendor compliance program with a curated vendor audit questionnaire based on the risk assessments. The agency has reduced multiple follow-ups to different vendors by requesting evidence and questionnaire feedback across the vendor network through Provana’s centralized system.

Mapping risks and controls across standards, including PCI-DSS, SOC 2, High Trust, and more, has become easier with the automated system. All these enhancements help the agency prepare for annual audits and manage their compliance better and more efficiently.

With IPACS, the agency can manage their training content more seamlessly. They can upload multiple content formats, update the required document section at any time, and track the training results meticulously with built-in analytics. They can easily pull various reports, filter the data, and create customized reports with templates for multiple stakeholders using the robust reporting capabilities of IPACS.


Partnering with Provana helped the collection agency streamline their vendor compliance processes and bring more control and efficiency by finding the process gaps and measuring the risks through qualified assessments. Some of the impacts are the following:

  • Improved vendor onboarding and vendor oversight with recategorized compliance program
  • Ease of access and centralized audit evidence saved time and increased efficiency during annual audits and certifications
  • Centralized dashboard ensured better visibility of operations for multiple stakeholders across the organization


Policy management & internal compliance


Vendor oversight and risk management for external audits


Operational efficiency within the organization

“Our team has experienced an elevation in efficiency and organization with IPACS, we continue to find ways to customize it to our needs and the analytics provides us with a better picture of our status in training vendor management and other compliance areas.”

mcCarthy logo
David Owen
Chief Administrative Officer, McCarthy Holthus