internal audit operational plan 2015/16 - wales.nhs.uk · internal audit operational plan 2015/16...
Post on 12-Oct-2019
11 Views
Preview:
TRANSCRIPT
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
July 2015
NHS Wales Shared Services Partnership
Audit and Assurance Services
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 2
Contents
1 Introduction
2 Developing the Operational Audit Plan
3 Audit risk assessment
4 Planned audit coverage
5 Resource needs assessment
6 Action required
AppendixA – Operational Audit Plan 2015/16
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 3
1. Introduction
The Accountable Officer is required to certify in the Annual Governance
Statement that they have reviewed the effectiveness of the organisation’s governance arrangements, including the internal control
systems, and provide confirmation that these arrangements have been effective, with any qualifications as necessary including required developments and improvement to address any issues identified.
The purpose of Internal Audit is to provide the Accountable Officer and the Board, through the Audit Committee, with an independent and
objective opinion on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control. The opinion should be used to inform the Annual Governance Statement.
Additionally, the findings and recommendations from internal audit reviews may be used by management to improve risk management,
control and governance within their operational areas.
The Public Sector Internal Audit Standards(PSIAS) require the Head of Internal Audit to develop and maintain an internal audit strategy
designed to meet the main purpose of the internal audit activity. This strategy must advocate a systematic and prioritised review, outlining the
resources required to meet the assurance needs of the Accountable Officer, Board and Audit Committee.
Accordingly this report sets out the risk based operational plan for the
period April 2015to March 2016.Internal audit activity will be provided by NHS Wales Audit & Assurance Services, a division of the NHS Wales
Shared Services Partnership.
2. Developing the Operational Audit Plan
2.1 Link to Auditing Standards
The operational plan for 2015/16 has been developed in accordance with the PSIAS 2010 – Planning - to enable the Head of Internal Audit to meet
the following key audit planning objectives:
Provision to the Accountable Officer of an overall annual opinion on
the organisation’s risk management, control and governance, which may in turn support the preparation of the Annual Governance Statement;
Audit of the organisation’s risk management, internal control and governance arrangements through periodic risk based plans which
afford suitable priority to the organisation’s objectives and risks; Improvement of the organisation’s risk management, control and
governance by providing line management with recommendations
arising from audit work;
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 4
Quantification of the audit resources required to deliver the planned audit strategy;
Effective co-operation with external auditors and other review bodies functioning in the organisation; and
Provision of both assurance and advice by internal audit.
2.2 Risk based audit planning approach
The risk based planning approach recognises the need for prioritisation of
audit cover to provide assurance to management of risk and the plan addresses these fundamental planning issues by considering the:
organisations risk assessment and maturity; coverage of the audit universe;
coverage of previous years activities; and audit resources required to provide a balanced and comprehensive
view.
Whilst some areas of risk control and governance require annual review,
the risk based planning approach recognises that it is not possible to audit every area of an organisation’s activities every year and therefore
provides a rational basis for the prioritised allocation of audit resources.
The planning approach is the same as the previous year.
2.3 Link to the system of assurance
The risk based planning approach integrates with the organisation’s system of assurance, thus we have considered the following:
A review of the Boards vision values and forward priorities as outlined in the Annual Plan and 3 year Integrated Medium Term Plan;
An assessment of the organisation’s developing governance, including
results of the recent Governancereview, and assurance arrangements and the contents of the Risk Register;
Risks identified in papers to the Board and its Committees (in particular the Audit Committee);
Key strategic risks identified within the corporate risk register and
assurance processes; Discussions with the Executive Directors regarding risks and
assurance needs in areas of corporate responsibility; Cumulative internal audit knowledge of risk management, control and
governance arrangements (including a consideration of past internal
audit opinions); New developments and service changes;
Legislative requirements to which the organisation is required to comply;
Other assurance processes including planned audit coverage of
systems and processes now provided through NHS Wales Shared Services Partnership (NWSSP);
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 5
Work undertaken by other review bodies including Wales Audit Office (WAO); and
Coverage necessary to provide reasonable assurance to the Accountable Officer in support of the Governance Statement.
The mapping of the operational audit plan to the assurance domains is designed to give balance to the overall annual audit opinion which
supports the annual governance statement.
2.4 Audit planning meetings
In developing the plan, the Head of Internal Audit has met with Executive Directors to discuss current areas of risk and related assurance needs. Discussions have been held with the following key personnel
during the planning process:
Interim Board Secretary; Risk & Assurance Coordinator; and Executive Directors.
3. Audit risk assessment
The prioritisation of each area in the audit universe is based on our assessment of audit risk in terms of inherent risk (impact and likelihood)
and mitigation (adequacy and effectiveness of internal control). Our assessment also takes into account corporate risk, materiality or
significance, system complexity, previous audit findings, potential for fraud and sensitivity.
4 Planned audit coverage
4.1Operational audit plan
The Operational Audit Plan is set out in Appendix A and identifies the
audit assignment, lead executive officer, outline scope, and proposed timing.
Where appropriate the operational plan cross refers to key strategic risks
identified within the corporate risk register and related systems of assurance together with the proposed audit response within the outline
scope.
Required audit coverage in terms of capital audit and estates assurance will be delivered by our Specialist Services Unit within the NHS Wales
Audit & Assurance Services. Given the specialist nature of this work and the assurance link with the all-Wales capital programme we will need to
refine with management the scope and coverage on specific schemes. The operational audit plan will then be updated accordingly to integrate
this tailored coverage.
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 6
The scope objectives and audit resource requirements and timing will be refined in each area when developing the audit scope in discussion with
the responsible executive director and operational management.
The scheduling takes account of the optimum timing for the performance of specific assignments in discussion with management and WAO
requirements.
The Audit Committee will be kept appraised of performance in delivery of
the Operational Audit Plan, and any required changes, through routine progress reports to each Audit Committee meeting.
4.3 Keeping the audit plan under review
Our risk assessment and audit plan is limited to matters emerging from the planning processes indicated above. We continually review and
update our risk assessment and take into account any emerging risks as the year progresses.
Regular liaison with the Wales Audit Office as your External Auditor will take place to coordinate planned coverage and ensure optimum benefit is derived from the total audit resource.
5. Resource needs assessment
The top-slice funding passed to NWSSP together with the direct billing for capital audit workis sufficient to meet the audit resource needs. The
inclusive internal provision through NWSSP Audit & Assurance Services represents best value for NHS Wales in comparison with external
commercial rates for the equivalent provision of these professional services.
The Public Sector Internal Audit Standards enable internal audit to
provide consulting and advisory services to management.
6. Action required The Audit Committee is invited to consider the proposed operational plan and:
Approve the operational audit plan for 2015/16.
John Bennett
Chief Internal Auditor Audit & Assurance Services NHS Wales Shared Services Partnership
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 7
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Corporate governance, risk and regulatory compliance
Governance &
Accountability
module
Managing our
reputation and
communicating
what we are
doing.
Mandatory To review the process
that has been adopted
and evidence supporting
the self-assessment.
Interim Board
Secretary
Jo Wilson Q4
Annual
Governance
Statement
Managing our
reputation and
communicating
what we are
doing.
Mandatory To review disclosures and
arrangements which
underpin the completion
of the statement
including compliance with
guidance
Interim Board
Secretary
Jo Wilson Q4
Risk Management
& Assurance (inc.
Risk Register
Mitigation)
Managing our
reputation and
communicating
what we are
doing.
Mandatory To review corporate risk
management
arrangements.
Interim Board
Secretary
Jo Wilson Q3/Q4
Standards for
Healthcare
Services
Optimise the
delivery of
quality health
and social care
Mandatory To review performance
against the standards for
healthcare services in
Director of Nursing &
Midwifery
Stuart Moncur Ongoing
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 8
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
in the most
appropriate
setting.
Be recognised
as Wales’
leading health
system
NHS Wales.
Welsh Risk Pool
claims
Improve the
efficiency of the
health service
and value for
money.
Managing our
reputation and
communicating
what we are
doing
In accordance with the
Welsh Risk Pool
Standards, we will review
a sample of completed
files to ensure that the
required processes have
been complied with.
Director of Nursing &
Midwifery
Louise O Connor Q4
Head of Internal
Audit Report
Managing our
reputation and
communicating
what we are
doing
Mandatory Mandatory requirement
to comply with the Public
Sector Internal Audit
Standards and Annual
Interim Board
Secretary
Jo Wilson Q4
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 9
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Governance Statement.
Health & Safety
management /
regulatory
compliance (inc.
fire safety)
Managing our
reputation and
communicating
what we are
doing
EST05 Checking governance and
accountability
arrangements are
suitably robust
Chief Operating
Officer
Stuart Moncur Q1
Medicines
regulatory
compliance
Managing our
reputation and
communicating
what we are
doing
MM10 Checking governance and
accountability
arrangements are
suitably robust
Medical Director Jenny Pugh Jones Q3
SHSW:
Governance &
Accountability
Module
Managing our
reputation and
communicating
what we are
doing
Checking governance and
accountability
arrangements are
suitably robust
Interim Board
Secretary
Jo Wilson Q4
Strategic planning performance management and reporting
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 10
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Healthcare
Planning,
monitoring &
control
Identify health
and social care
needs better
and respond
creatively.
Work closely
with partners
to ensure
delivery of
health, social
and
community
services
N/A To review the processes
around the
commissioning of
healthcare, to ensure
best value for money
Director of Primary
Care, Community,
Mental Health
Services & Clinical
Strategy
Jill Paterson Q4
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 11
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Partnership
Governance (inc.
Section 33
Agreements
throughout the
Health Board)
Identify health
and social care
needs better
and respond
creatively.
Work closely
with partners
to ensure
delivery of
health, social
and
community
services
PART02 Health Board wide review
following on from audit
discussions HB
governance, governance
between the orgs, and
operation of the section
33s
Director of Strategic
Partnerships
Peter Llewellyn Q1
Joint Governance
arrangements
with University
Work closely
with partners
to ensure
delivery of
health, social
and
community
services
PART02 Review of governance
between the HB and the
Universities
Director of Strategic
Partnerships
Peter Llewellyn Q1
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 12
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Strategic Planning
/ IMTP
Identify health
and social care
needs better
and respond
creatively
Managing our
reputation and
communicatin
g what we are
doing
CRR1 To ensure a robust basis
for the IMTP and that any
savings plans are based
on realistic assumptions.
Director of Finance
and Planning
Paul Williams Q3
Financial Governance and management
Budgetary
Control &
Financial
Reporting
Improve the
efficiency of
the health
service and
value for
money
CRR1 To ensure that
information reported to
the Board is complete,
accurate, timely and clear
to enable Board
Members to make
informed and effective
decisions
Director of Finance &
Planning
David Eve / Stephen
Forster
Q4
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 13
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Financial Ledger CRR1 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of the
General Ledger
Q3
Financial
Recovery & CIP
CRR1 To ensure that the Health
Board is attaining
financial stability and is
constantly monitoring the
cash position to enable
the organisation to
achieve its business plan
Q2
Treasury
Management
CRR1 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of the
Treasury Management
system.
Q3
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 14
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Charitable Funds CRR1 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of
Charitable Funds
Q2
Accounts
Receivable
CRR1 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of the
accounts receivable
function
Q3
Physical
Verification of
Fixed Assets
CRR1 Capital resources are
used efficiently, and that
prices for hospital and
community services
accurately reflect the use
of capital assets
Q4
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 15
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Costing Review CRR1 HD has chosen to be one
of two HB’s in Wales
involved in the Welsh
Reference Costs pilot
audit. IA to review the
costing information
provided.
Q1
Brynmair Clinic
Petty Cash Follow
up
Follow up of
Limited rated
report
To evaluate and
determine the adequacy
of the new systems and
controls in place for the
management of petty
cash within the clinic.
Director of Finance &
Planning
David Eve / Stephen
Forster
Q2
Use of Purchasing
Cards
To follow up
from the
audit of
mobile asset
management
To follow up from the
audit of mobile asset
management
Q2
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 16
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
United 4 Health
Project (re.
European
Community's ICT
Policy Support
Programme)
Improve the
efficiency of
the health
service and
value for
money.
Executive
Request
The preparation of
certificates on the
financial statements for
the project
Chief Operating Officer Daniel Warm Q1
NWSSP
Non pay
expenditure /
Payables
Improve the
efficiency of
the health
service and
value for
money.
CRR1 To evaluate and
determine the adequacy
of the NWSSP systems
and controls in place for
the management of the
Accounts Payable system
Director of Finance &
Planning
David Eve / Stephen
Forster
Q3
Non pay
expenditure/
Procurement
CRR1 The tendering process
results in the most
appropriate contractor
being contracted to
perform the contract for
the best price
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 17
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Non pay
expenditure/
Stores
CRR1 Suitable stores necessary
to support the
organisation’s services
are made available as and
when required and in an
economic and efficient
manner
Primary care
contractor
payments:
The objective is to
evaluate and determine
the adequacy of the
systems and controls in
place for the
management of
payments, in order to
provide reasonable
assurance that risks
material to the
achievement of system
objectives are managed
appropriately.
GMS CRR1
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 18
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
GDS CRR1
GOS CRR1
Community
Prescribing
CRR1
Clinical governance quality and safety
Annual Quality
Statement
Managing our
reputation and
communicating
what we are
doing
N/A To provide an opinion on
the statement as to
compliance with guidance
and quality of reported
information.
Director Integration /
Therapies and Health
Science
Stuart Moncur Q4
Application and
governance of the
Mental Capacity
Act within Hywel
Dda
Managing our
reputation and
communicating
what we are
doing
Improve the
health and
wellbeing for all
of the Hywel
CRR13 To review the application
of the Mental Capacity
Act and governance
throughout the Health
Board.
Director of Primary
Care, Community,
Mental Health
Services & Clinical
Strategy
Jill Paterson / Stuart
Moncur
Q1
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 19
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Dda population
Learning Lessons
from National
Reviews
Improve the
efficiency of
the health
service and
value for
money
N/A Reviewing
recommendations from
national reviews,
ensuring they are
implemented and any
lessons learnt.
Medical Director Stuart Moncur Q1
Low Vision
Service
Managing our
reputation and
communicating
what we are
doing
Improve the
health and
wellbeing for all
of the Hywel
Dda population
Executive
Request
This is a hosted service
and the review will
evaluate and determine
the adequacy of the
systems and controls in
place for the
management of the low
vision service.
Director of Primary
Care, Community,
Mental Health
Services & Clinical
Strategy
Jill Paterson Q1
Processes
surrounding
Discharge of
Patients
Managing our
reputation and
communicating
what we are
N/A To evaluate and
determine the adequacy
of the systems and
controls in place for the
Director of Nursing &
Midwifery
Chris Hayes Q2
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 20
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
doing
Improve the
health and
wellbeing for all
of the Hywel
Dda population
management of the
discharge of patients
Ombudsman
Cases
Managing our
reputation and
communicating
what we are
doing
Executive
Request.
Each quarter review an
action plan following an
Ombudsman review to
ensure the
recommendations are
being put in place.
Interim Board
Secretary
Louise O’Connor Q1, Q2, Q3, Q4.
Mortality Review Improve the
health and
wellbeing for
all of the
Hywel Dda
population
To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of the
mortality reviews
Medical Director Q3
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 21
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Information Governance and Security
Review of IG
‘Toolkit’
Managing our
reputation and
communicating
what we are
doing
Improve the
efficiency of the
health service
and value for
money.
CRR10 To follow up a review
undertaken 3-4 years ago
to ensure that the
measures put in place are
robust and based on
evidence.
Chief Operating
Officer
Anthony Tracey Q3/4
Network Security INFORSK/03 To review the procedures
put in place around
network security within
Hywel Dda.
Chief Operating
Officer
Anthony Tracey Q2
Breastcare PACS
System
INFORSK/04 To review the procedures
put in place around the
Breastcare PACs system
within Hywel Dda.
Chief Operating
Officer
Anthony Tracey Q1
Data Quality - ESR To ensure that the
information being
reported to the Board is
both evidence based and
timely.
Chief Operating
Officer
Anthony Tracey Q4
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 22
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Operational service and functional management
Private Patients
(follow-up)
Improve the
efficiency of
the health
service and
value for
money.
Follow up of
no assurance
rated report
To ensure that the new
policies & procedures are
adhered to and are
robust.
Chief Operating Officer Karen Preece Q1/2
Theatres – asset
purchases
Improve the
efficiency of
the health
service and
value for
money.
CS 10 To ensure that all assets
purchased for theatres
throughout the Health
Board adhere to SO’s and
SFI’s.
Chief Operating Officer Q2
Governance
arrangements
surrounding
Managed
Practices
Improve the
efficiency of
the health
service and
value for
money
CS To ensure that the
governance arrangements
put in place for managed
practices are
comprehensive, robust
and are adhered to.
Medical Director Q2
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 23
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
Medical Devices /
Medical
Equipment
backlog, including
assurance around
processes
Improve the
efficiency of
the health
service and
value for
money
CRR13 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of medical
devices within the Health
Board and ensuring that
any backlog is prioritised
in a robust and logical
manner.
Chief operating Officer Rob Elliot Q1
Workforce management
Payroll/ ESR Improve the
efficiency of
the health
service and
value for
money
CRR4 To evaluate and
determine the adequacy
of the systems and
controls in place for the
management of the
NWSSP Payroll system
Director of Workforce
& OD
Linda Hughes
Q3
Organisational
development &
training
Improve the
efficiency of
the health
service and
value for
CRR4 To evaluate and
determine the adequacy
of the systems and
controls in place to ensure
the Health Board helps
develop its staff in a
Director of Workforce
& OD
Angie Oliver Q2
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 24
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
money. proper manner
Operational
Rostering
Improve the
efficiency of
the health
service and
value for
money.
CRR4 To provide an opinion on
the processes that have
been adopted for the
introduction of the E
Rostering system within
the Health Board.
Director of Workforce
& OD
Linda Hughes Q3/4
Audit Management and Reporting
Unallocated
contingency
provision
N/A N/A This allows the flexibility
to respond to
management requests in
order to meet specific
Health Board needs
throughout the course of
the financial year.
N/A N/A N/A
Follow-up audits
[if not already
allocated in above
sections]
N/A N/A We will conduct selected
follow-up reviews
throughout the year to
provide the Audit
Committee with
assurance regarding
management’s
N/A N/A N/A
Hywel Dda University Health Board
Internal Audit Operational Plan 2015/16
Page | 25
Planned output Hywel Dda
Strategic Aims
Corporate /
Directorate
Risk Register
Outline Scope Executive Lead Operational Lead Outline timing
implementation of agreed
actions.
Audit planning
reporting and
management
N/A N/A N/A N/A N/A N/A
Liaison with WAO
and Counter
Fraud
N/A N/A N/A N/A N/A N/A
Audit Committee
preparation and
attendance
N/A N/A Incorporating preparation
and attendance at Audit
Committee.
N/A N/A N/A
16/17 Reviews or Quarter 4 reviews?
Review of exception reporting to parent committees Result of recommendation from the Governance Review accepted by the Health Board. However
date of March 2016 included in the response.
Assess the robustness of Programme Management
Office arrangements
Result of recommendation from the Governance Review accepted by the Health Board. However
date of March 2016 included in the response.
top related