Deloitte Flash for Construction

THE ISSUE:

Many health care organizations are investing heavily in capital projects, spending more than $69 billion annually in the US on construction and related capital programs.¹ These projects often involve building new hospitals, renovating aging facilities, and retrofitting spaces to meet evolving regulatory and clinical needs. However, health care construction projects are uniquely complex. They often involve:

• Multiple stakeholders with competing priorities (e.g., executives, clinicians, construction teams). 
• Complex contractual relationships between owners, architects, contractors, and third-party vendors. 
• Specialized equipment and systems requiring tight integration. 
• Disruptions to ongoing clinical operations that need to be managed, including noise, vibration, and restricted access for staff. 
• Infection control challenges and patient safety risks during construction in active health care environments. 
• Aggressive schedules, budget pressures, and heightened regulatory requirements.

This complexity increases exposure to risks including cost overruns, delayed schedules, and compliance lapses. The risk of fraud, waste, and abuse is also significant: The median loss from construction fraud is $250,000 and mean loss amount is nearly $1.5 million, according to the Association of Certified Fraud Examiners,²  with corruption and billing fraud the most common schemes.

For health care organizations, every dollar lost to mismanagement or fraud represents resources not available for patient care, staffing, and other mission-critical investments. Internal audit functions have a unique opportunity to bring clarity, transparency, and assurance to these capital projects.

INSIGHTS:

Internal audit functions can add value throughout the entire construction life cycle, from planning and procurement through closeout and post-completion review.

• A key area of focus is contracting and delivery risks. The choice of contracting method—whether fixed price, cost-plus, or guaranteed maximum price (GMP)—determines how risk is shared between the owner and contractor. While GMP contracts are common in health care, they require careful oversight of labor rates, subcontractor procurement, and change orders. Without strong governance and monitoring, misaligned contracting strategies can easily lead to cost leakage and disputes. 
• Another significant area of concern is fraud and compliance. Fraud may occur at both the project and individual levels, ranging from contractors manipulating data to obtain additional funds, to employees submitting false invoices or exploiting vendor relationships. High-profile examples show how fraud schemes can derail multi-hundred-million-dollar hospital redevelopments, creating financial losses, reputational damage, and regulatory exposure. 
• Health care construction also presents a unique opportunity for process and control gaps. Strict oversight of governance, procurement, quality, and safety is required. Warning signs such as excessive change orders, frequent schedule delays, poor documentation, or repeated reliance on the same vendors should alert internal audit functions to elevated risk. These gaps, if unaddressed, can lead to operational disruption and financial inefficiency.

To address these risks, internal audit functions can tailor their approaches to the needs of each project through various auditing approaches including conducting process, cost, and forensic audits. Process audits may focus on governance, readiness, or lessons learned. Cost audits validate invoices, labor rates, subcontractor procurement, and insurance. Forensic audits go deeper, examining claims, payment reconciliations, or unapproved scope additions.

Finally, the timing of an audit is critical. Pre-construction reviews of contract language and expectations help mitigate risks before they become entrenched. During construction, audits enable real-time monitoring of invoicing and compliance. At closeout, audits help confirm that costs are reconciled and accurately reported. Early and ongoing involvement positions health care organizations for greater financial discipline, stronger project outcomes, and lasting value.

HOW DELOITTE CAN HELP:

Deloitte’s Infrastructure & Real Estate team has deep experience assisting health care organizations through capital project challenges. Our professionals bring knowledge across project controls, construction auditing, and fraud risk assessment. We help internal audit functions add tangible value.

Deloitte can:

• Enhance governance: Assess decision-making structures, board reporting, and escalation protocols. 
• Strengthen controls: Review procurement practices, contracting approaches, and cost monitoring frameworks. 
• Uncover fraud and abuse: Leverage forensic audits and advanced analytics to detect anomalies and safeguard capital. 
• Apply analytics and generative artificial intelligence (GenAI): Automate invoice and change order reviews, provide continuous monitoring dashboards, and highlight outliers for early intervention. 
• Enhance audit timing: Advise on where and when audit procedures can most effectively prevent or detect risk. 
• Facilitate continuous improvement: Capture lessons learned and build audit frameworks that strengthen future projects. 
• Apply analytics and automation: Leverage advanced data analysis, GenAI-enabled invoice and change order reviews, and real-time monitoring dashboards to uncover risks early and strengthen construction audit oversight.

With the right mix of health care experience, audit rigor, and data-enabled tools, Deloitte assists health care organizations to transform construction risk into a strategic opportunity for cost savings, transparency, and operational resilience. For more information, please contact one of our leaders. We look forward to assisting you with these important issues.

¹ US Census Bureau, “Total construction spending: Health care in the United States (Series TLHLTHCONS),” Federal Reserve Bank of St. Louis (FRED), September 2, 2025.

² Association of Certified Fraud Examiners (ACFE), Occupational Fraud 2024: A report to the nations, 2024.

Previous I&CP Editions