internal audit division statement of strategy 2019‐2021 · internal audit division statement of...
TRANSCRIPT
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 1 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Oifig an Stiúrthóra Náisiúnta Iniúchta Inmheánaigh, Feidhmeannacht na Seirbhíse Sláinte,
Halla Fhionnuise, Ospidéal Naomh Muire, Páirc an Fhionnuisce, Séipéal Iosóid,
Baile Átha Cliath 20, D20 CK33.
Office of the National Director of Internal Audit, Health Service Executive,
Phoenix Hall, St. Mary’s Hospital, Phoenix Park, Chapelizod,
Dublin 20 D20 CK33.
T: ++353 76 6959760 E: [email protected]
Internal Audit Division
Statement of Strategy
2019‐2021
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 2 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Table of Contents
1. FOREWORD FROM THE NATIONAL DIRECTOR OF INTERNAL AUDIT ................................................................ 3
2. BACKGROUND .................................................................................................................................. 4
3. ABOUT THE INTERNAL AUDIT DIVISION .................................................................................................. 5
4. ORGANISATIONAL STRUCTURE & RESPONSIBILITY .................................................................................... 6
5. INTERNAL AUDIT DIVISION ‐ STRATEGIC GOALS ‐ PRIORITIES 2019‐2021 ...................................................... 8
6. EVOLVING THE INTERNAL AUDIT FUNCTION FOR THE FUTURE .................................................................... 24
APPENDIX A – HSE CORPORATE PLAN GOALS ............................................................................................... 25
APPENDIX B – SLAINTECARE IMPLEMENTATION STRATEGY GOALS & STRATEGIC ACTIONS ....................................... 26
Approved Date:
10/5/2019
Approved By:
Geraldine Smith
Michelle Galvin
Paul Hannon
Alan Moran
Tom Malone
Date Adopted:
10 /5/2019
Review Date:
Periodic Review
Document Ref.
Internal Audit Division Strategy
2019 to 2021
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 3 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
1. Foreword from the National Director of Internal Audit
I am pleased to present this Statement of Strategy for the Internal Audit Division, covering the period 2019‐2021.
The strategy is intended to provide a roadmap for the development of the Internal Audit Division over the
coming years for the benefits of our stakeholders. It outlines the strategic visions and goals that we have
identified to help the Internal Audit Division to realise its full potential and to fulfil its mission to ‘enhance and
protect organisational value by providing risk‐based and objective assurance, advice and insight’.
The process of formulating this Statement of Strategy has given us the opportunity to take stock of past
successes and failures, to determine our visions and future goals in the light of challenges ahead, and to put
forward strategies for our development not only in response to changing needs but also as an active and
participating agent of positive change.
The strategic themes attest to our commitment to achieve excellence through our core functions and in our role
‘to provide an independent, objective assurance and consulting activity designed to add value and improve the
organisation’s operations. Internal Audit helps an organisation to accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and
governance processes’ (The Institute of Internal Auditors).
In order to implement these strategic aims, we will continue to develop an enabling environment in which our
human, financial and physical resources are appropriately allocated and deployed to help us attain sustainable
excellence in internal audit practice.
I would like to take this opportunity to thank the audit committee members, senior management and staff who
recently engaged with the process of consultation during the External Quality Assessment (EQA) of the Internal
Audit Division by the Institute of Internal Auditors. The results of our EQA have been incorporated into this
Strategy.
The Sláintecare Implementation Strategy, the Government’s plan for delivering a sustainable and equitable
health and social care service over the next ten years, provides the roadmap for building a world‐class health
service for the Irish people. In delivering this Internal Audit Strategy we will support all goals identified, with a
particular focus on Goal 1, Strategic Action 1 – to improve governance, performance and accountability across
the health service.
With the collaboration of our talented staff and stakeholders, the goals we aspire to accomplish will in time
translate into milestones of which we can be proud.
Dr. Geraldine Smith National Director of Internal Audit
10th May 2019
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 4 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
2. Background
An independent and objective Internal Audit function is an integral part of an organisation’s strategic objectives,
corporate governance and risk management.
The purpose, authority and responsibilities of the Internal Audit Division activity have been formally defined in
the Internal Audit Charter, approved by the Audit Committee and are consistent with the Definition of Internal
Auditing, Code of Ethics and Standards of the Institute of Internal Auditors (IIA).
The Internal Audit Division continues to move beyond standard compliance focus with the aim to drive business
and strategic insights by shifting the balance between assurance and advisory audits. We will continue to play a
vital role in compliance activities and act as a valued strategic advisor to the Health Service and TUSLA.
In conjunction with the delivery of this 3 year Internal Audit Strategy, we will develop our annual Audit Plans in a
manner that balances senior management and Audit Committee objectives, assurance and compliance
requirements on one side, and business insights and strategic business initiatives advice on the other. We will
continue to revisit our annual Audit Plans regularly to ensure that the balance reflects any changes in business
priorities or risk tolerance. With the right balance, Internal Audit will provide the key business insights and
strategic advice that the Health Service and TUSLA require.
As Internal Audit’s mandate expands and its scope increases, the Division must be prepared to fulfil additional
skills and competency requirements. Skills such as data analytics, technical compliance, business strategy, risk
management, and fraud prevention and detection are all areas in which skills must be further developed over
the coming years, internally within our own teams and where required, supplemented or augmented using third
party service providers.
Internal Audit must focus competency and training efforts to ensure that we have the right skills to meet our
Audit Plan requirements and manage stakeholder expectations.
In today’s dynamic environment, Internal Audit must satisfy many different stakeholders: Audit Committee
members; Senior Leadership team; operational leaders, external auditors and regulators. Internal Audit will
balance these expectations, transforming to accomplish its Strategy with the appropriate actions over the
coming years.
This Strategic Plan is the product of an exercise of self‐reflection culminating in the articulation of our plans to
help fulfil our aspirations for the future development of the Internal Audit Division.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 5 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
3. About the Internal Audit Division
The Internal Audit Division has adopted the following
MISSION and VISION statements which will continue to
guide the Division in its strategy. Our commitment to
these principles is the foundation of our success. We
strive to provide quality internal audit services that add
value and result in timely, relevant, fair, balanced and
credible audit reports. We support the highest standards
of excellence, honesty and professionalism in our
workforce to earn the trust of all stakeholders. We treat
all stakeholders with respect, dignity and fairness, and
highly value teamwork, collaboration and open
communication.
THE MISSION OF INTERNAL AUDIT is to enhance and project organisational value by providing risk‐based and
objective assurance, advice and insight.
OUR VISION is to be a respected and valued Internal Audit Division comprised of engaged audit professionals
delivering high quality, results oriented, independent internal audit services that benefit our stakeholders by
improving operations, increasing efficiency, and reducing risk.
The role of Internal Audit is:
‘to provide an independent, objective assurance and consulting activity designed to add value and improve an
organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and governance processes’.
(The Institute of Internal Auditors)
Our Core Values
The Internal Audit Division conforms to the Institute of Internal Auditors (IIA) Code of Ethics and Standards, the
conceptual frameworks for all professional auditors to ensure compliance with the five fundamental principles of
ethics:
Integrity
Professional Competence and Due Care
Professional Behaviour
Objectivity
Confidentiality
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N A L AU D I T D I V I S I O N
P AG E 6 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M A Y 2019
4. Organisational Structure & Responsibility
The Internal Audit Division is led by the National Director of Internal Audit. The Division is responsible for ensuring
that a comprehensive programme of audit work is carried out annually throughout the HSE. The purpose of this work
is to provide assurance that financial controls and procedures are operated in accordance with best practice and with
the appropriate regulations, and to make recommendations for the improvement of such controls and procedures.
The remit of Internal Audit covers all financial systems and activities throughout the HSE, and bodies totally or
partially funded by the HSE.
In addition, the Division conducts an annual programme of audits for TUSLA (the Child & Family Agency).
The HSE Audit Committee, to whom the Division reports, monitors the work of the Division. The Division also reports
at the highest level in the HSE and is represented on the National Financial Controls Assurance Group (NFCAG).
In addition to the financial aspects of Internal Audit reporting there can also be other aspects identified and reported
on which do not fall within the remit of the HSE Audit Committee but which relate to the HSE Risk Committee, for
example issues such as health & safety, security, personnel screening and data security. These findings are regularly
reported to the Risk Committee by the National Director of Internal Audit.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 7 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
The HSE Internal Audit Division is structured as follows:
Internal Audit Operations oversees the delivery of a programme of internal audits by each of the local audit offices
based throughout the country and incorporates national, corporate and funded agencies audits.
ICT Audit & Data Analytics Unit delivers information and communications technology (ICT) audits with a national
remit. ICT Audit assignments are delivered on a co‐sourced basis by the Internal Audit ICT Audit team together with a
contracted firm of ICT auditors.
Special Projects & Investigations work is conducted by a team in the Division together with additional contracted
specialist forensic accountants.
The Annual Internal Audit Plan is risk based and is formulated based on the following criteria:
The Division considers the audit universe and the need to cover significant areas over a reasonable period of
time. Cognisance is taken of current developments and issues arising. A selection of follow‐up audits is also
undertaken each year.
The Corporate Risk Register and Management Letters from the Comptroller & Auditor General (C&AG) are also
considered and factored into the annual Audit Plan;
The views of the HSE Leadership Team and Senior Managers are sought for suggested items for inclusion in the
annual Audit Plan;
Discussions with the CEO and the Audit Committee also feed into the preparation of the final annual Audit Plan;
The output from the previous Controls Assurance Process is considered.
The Division meets regularly with the Office of the Comptroller & Auditor General to provide regular briefings on the
results of completed audits and to facilitate the exchange of information.
Collaboration with various groups such as the Heads of Internal Audit Forum comprising Heads of Audit from
Government Departments provides a useful platform for information sharing, along with periodic meetings with the
Northern Ireland Health & Social Care Internal Audit team.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 8 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
5. Internal Audit Division ‐ Strategic Goals ‐ Priorities 2019‐2021
The Internal Audit Division aims to provide assurance to the Health Service and TUSLA leadership by providing
timely products of recognisable value while maintaining a highly professional, competent, ethical and diverse
workforce. To maximise our productivity, we must continue to explore ways to accomplish our mission more
effectively and efficiently. To accomplish this, the Internal Audit Division has established 5 strategic goals with
specific objectives for their delivery.
The specifics of these goals, as well as the objectives and strategies for achieving them are detailed on the
following pages.
We have identified core areas upon which, as a leading Internal Audit function, we need to focus to manage and
meet changing stakeholder expectations.
Over the period of this strategy and beyond, the Internal Audit Division’s primary vision will be to partner with
our stakeholders to effect positive change, helping them to effectively mitigate their risks while reaping the
rewards of opportunities taken. To be a valued partner, the Internal Audit team will seek opportunities to learn
about and understand our stakeholders’ environment and the challenges they face, as well as taking a forward
look at internal and external factors and trends that may prevent the service from successfully meeting its goals
and objectives. We will seek creative ways to maximise the value and impact of available audit resources
leveraging consulting activities and technology. We have an educated and motivated team of auditors dedicated
to collaborating with our stakeholders to improve the governance, risk management, and internal controls in the
Health Service and TUSLA.
Digital transformation brings with it new challenges for the Internal Audit Division while also providing new
opportunities to enhance our overall value to our stakeholders. To do so effectively requires a new approach to
talent and staffing focused on recruiting and retaining a team with varied professional experience and
supplementing it with external expertise as necessary.
We will leverage the opportunity to elevate the Internal Audit function in the Health Service and TUSLA, better
integrating risk assessment into the business, while retaining our focus on providing assurance to our
stakeholders.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N A L AU D I T D I V I S I O N
P AG E 9 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M A Y 2019
Internal Audit Division ‐ Strategic Objectives Overview
Strategic Objective 1 – To Deliver High Performance
To deliver high quality internal audit assurance and consulting services to effect positive change in the Governance,
Risk Management and Control Activities of the Health Service and TUSLA.
Strategic Objective 2 – To Enhance Our Engagement
To foster and cultivate meaningful and valuable relationships by enhancing engagement and direct communication
with the key Internal Audit stakeholders.
Strategic Objective 3 – To Increase Our Influence
To support and promote an organisational foundation of strong governance, ethics, fraud awareness, and internal
controls.
Strategic Objective 4 – To Enhance Internal Audit Business Processes
To improve Internal Audit business and management processes to achieve effectiveness and efficiency.
Strategic Objective 5 – To Develop Our People
To develop and retain a sustainable, highly skilled workforce capability in the Internal Audit Division.
1
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 10 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Strategic Objective 1 – To Deliver High Performance
To deliver high quality internal audit assurance and consulting services to effect positive change in the
Governance, Risk Management and Control Activities of the Health Service and TUSLA.
GOALS ACTIONS WHAT SUCCESS LOOKS LIKE
1.1 Identify and
provide the
appropriate mix
of assurance
and consulting
services.
Conduct outreach meetings /
correspondence with senior management to
identify areas of concern and/or risk.
Areas of concern and/or risk identified and
incorporated, as appropriate, into the
annual Internal Audit Plan.
Directly link the programme of audits to
senior management concerns and/or risks
identified during consultation.
Risk based annual Internal Audit Plan
incorporating stakeholder feedback.
Establish robust risk assessment as part of
the annual internal audit planning process.
Continuous risk assessment focusing on
existing and emerging high risk areas such as
strategic, technology and business risks.
Using all risk information attained, develop,
communicate and deliver the optimal annual
Internal Audit Plan.
Optimal annual Internal Audit Plan
formulated and adopted.
Periodically seek stakeholder feedback on
the service provided by Internal Audit.
Stakeholder Surveys implemented and
feedback incorporated to enhance our
processes.
Continue to report regularly to the Audit
Committee(s) and CEOs of the Health Service
Executive and TUSLA and periodically to the
Risk Committee.
Periodic management reporting timelines in
place and deadlines met.
Feed into an organisational Assurance
Mapping exercise.
Internal Audit represented on the
organisational Assurance Map when
developed and adopted.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 11 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
1.2 Increase
synergy and
collaboration
with other
assurance
providers.
Increase collaboration and examine
potential for synergies with other assurance
functions, for example Health Care Audit
(HCA).
Conduct joint audit engagement(s) with
other risk management and assurance
functions.
Liaison and consultation with other
assurance providers to avoid duplicated
assurance effort during the annual Internal
Audit Plan formulation.
Established synergies and regular
collaborative engagement with other
assurance providers.
1.3 Expand the
breadth and
depth of audit
coverage and
assurance to
the Health
Service and
TUSLA.
Develop and embed the Internal Audit
Universe.
Internal Audit Universe formulated,
developed and embedded.
Implement a flexible approach to audit
resourcing to respond to audit /
investigation requests.
Data Analytics Unit with shared resources
established and this concept further
developed to be utilised across the Internal
Audit Division as appropriate from 2020.
In accordance with the Public Sector Internal
Audit Standards, the Annual Report of the
Internal Audit Division to include an overall
opinion on the adequacy of governance, risk
management and internal controls for the
Health Service and TUSLA.
Annual Audit Opinion on adequacy of
governance, risk management and internal
controls given.
Assist the Health Service and TUSLA in
implementing effective internal controls and
help the organisations to identify, track and
mitigate their systemic material weaknesses.
Internal Audit recommendations made are
clear, concise and consistent.
Recommendation Status Reports provided to
Audit Committee(s), HSE Leadership Team
and National Directors on a quarterly basis.
Develop Value for Money (VFM) Audit
Service
Pilot / Proof of Concept developed and
delivered during the lifetime of this Strategy.
Develop and implement the Data Analytics
Unit (on a pilot basis) under the direction of
the Assistant National Director ICT Audit.
Data Analytics driven audits planned,
undertaken and delivered during 2019.
Data analytics embedded and in use across
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 12 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
the Internal Audit Division from 2020.
Continually review and expand our
programme of ICT Audits to address
emergent technological risks.
Annual ICT Audit Plan incorporating adapted
and customised vulnerability assessments
and penetration tests to address emergent
and ever‐changing cyber risks.
1.4 Progress the
Policy for a
Single Internal
Audit Service
Strategy for the
Health Service.
Advance discussions with appropriate
stakeholders regarding the potential for a
future strategy providing for a Single Internal
Audit Service to best meet the future
governance needs of the evolving Health
Service under Slaintecare.
Future roadmap agreed and defined with
relevant stakeholders – CEO, Audit
Committee Chair and the Department of
Health.
Future strategy formulated and adopted.
Identify the optimum staffing resource level
for Internal Audit for the current and future
configuration of the Health Service.
A review commissioned of the level of
staffing resources required.
1.5 Comply with
the Institute of
Internal
Auditors (IIA)
Professional
Practices
Framework
Standards.
Support, implement and embed the Quality
Assurance Improvement Programme (QAIP)
to review audit activities and ensure
compliance with the Institute of Internal
Auditors (IIA) International Professional
Practices Framework Standards.
QAIP defined, agreed and delivered.
Achieve successful ‘conforms’ rating on EQA
in 2019.
Full conformance achieved on EQA by end of
Q4, 2019.
Conduct an External Quality Review (EQA)
every 5 years, at a minimum.
EQA Review delivered every 5 years.
Conduct an annual self‐assessment.
Divisional self‐assessment undertaken and
completed on an annual basis.
1.6 Be responsive
to high risk
vulnerabilities
and emergent
requirements.
Keep stakeholders informed of areas that
may warrant additional oversight based on
the experience and knowledge gained from
completed Internal Audits.
Stakeholder education and periodic updates
provided by Internal Audit.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 13 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Continually collaborate with senior
management during the annual Audit Plan
delivery to identify audit requirements
and/or risks that have emerged since
formulation and agreement of the annual
Internal Audit Plan.
Collaborative engagement with senior
management feeding into periodic annual
Audit Plan review to incorporate emergent
requirements.
Demonstrate flexibility by addressing high
priority emergent audit requirements as
they arise.
Annual Audit Plan periodically reviewed and
updated as priorities change.
Continue to focus on fraud deterrence and
detection by coordinating and collaborating
with key stakeholders.
Education and awareness promotion using
various tools such as HSELanD.
Raise the profile of Internal Audit and
leverage the results of audits to inform and
educate stakeholders.
Implement innovative techniques, such as
advisory, trend and summary reports; audit
results briefings; learning notes; baseline
control documents; relevant articles /
publications; and communications through
Internal Audit Liaisons, to leverage results of
audits identifying systemic internal control
weaknesses throughout the Health Service
and TUSLA.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 14 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Strategic Objective 2 – To Enhance Our Engagement
To foster and cultivate meaningful and valuable relationships by enhancing engagement with the key Internal Audit
stakeholders.
GOALS ACTIONS WHAT SUCCESS LOOKS LIKE
2.1 Understand
evolving
stakeholder
needs and
expectations.
Increase effective communications between
Internal Audit and key stakeholders, to
improve trust and effective participation and
to increase stakeholder satisfaction.
Key Stakeholder Surveys and Post Audit
Surveys implemented and feedback
considered and actioned.
Meetings with Leadership Teams of
Divisions, CHOs and Hospital Groups.
Proactive collaboration with senior
management, adding value and insight to
their business activities.
Senior management and key stakeholders
seek Internal Audit advice.
Presentations at divisional staff conferences,
staff days and seminars.
Participate in professionally‐related
speaking engagements as requested.
Active communication with key stakeholders
in developing the annual Internal Audit Plan.
Annual Internal Audit Plan incorporating key
stakeholder input.
Increase the number of non‐financial audits
in the annual Internal Audit Plan and include
audits in areas such as culture, ethics,
projects, risk management and governance.
Annual Internal Audit Plan formulated and
agreed with a diverse internal audit focus.
2.2 Enhance our
communications
with
Maintain and enhance policies and
procedures to ensure continuous
communications and collaboration with key
Audit process engagement enhanced.
Key Stakeholder Surveys and Post Audit
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 15 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
stakeholders. stakeholders throughout all phases of the
internal audit process.
Surveys monitored and feedback considered
and actioned.
Communicate audit results in a timely
manner to enable program improvement by
our stakeholders.
Optimal internal processes and procedures
adopted, and adherence to timelines.
Monthly notification reports to each
National Director on Potentially Systemic
Risks identified in Internal Audit Reports
issued in the previous month.
Support management by communicating the
thematic learnings from Internal Audit
findings.
Issue learning notes on themes identified in
Audit Reports.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 16 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Strategic Objective 3 – To Increase Our Influence
To support and promote an organisational foundation of strong governance, ethics, fraud awareness, and internal
controls.
GOALS ACTIONS WHAT SUCCESS LOOKS LIKE
3.1 Be a source of
guidance and
advice
Support senior management in their
accountability roles.
Meet with Leadership Teams of Divisions,
CHOs and Hospital Groups.
Senior management and key stakeholders
seek Internal Audit advice.
Presentations given at divisional meetings,
staff conferences and staff seminars.
Participate in professionally‐related speaking
engagements.
3.2 Create and
maintain
national
training and
other activities
to increase HSE
& TUSLA staff
awareness of
governance,
ethics, fraud
awareness and
internal
controls.
Develop the Internal Audit Division’s on‐line
presence to incorporate information such as
FAQs, on‐line help facility etc.
Relevant and up‐to‐date web presence on
the Intranet and Internet web platforms.
Formulate a national e‐learning Fraud
Awareness, Detection and Prevention
training module for rollout via the HSELanD
on‐line training facility.
Fraud Awareness, Detection and Prevention
training module developed and rolled out
for staff on HSELanD.
Contribute to the development of
governance, ethics and controls awareness
training programmes for roll‐out via the
HSELanD on‐line training facility.
Training module developed and rolled out
for staff on HSELanD.
Develop a Fraud Protocol to guide staff on
actual steps to be taken where fraud /
irregularities are suspected.
Fraud Protocol formulated, agreed and
adopted.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 17 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
3.3 Evaluate Fraud
Risk for the
Health Service
& TUSLA and
strengthen
Fraud Risk
Assessment
A Fraud Risk Assessment to be undertaken
to assess risk in these areas.
Fraud Risk Assessment undertaken and
delivered.
Explore the potential for the greater use of
Data Analytics for fraud risk identification
and fraud detection, particularly on large
datasets, while implementing more
automation to strengthen effectiveness and
efficiency.
Proactive fraud identification and detection
with specific target areas identified.
Pilot a Data Analytics Unit with an identified
programme of related data driven audits for
delivery during 2019 with the aim of further
rollout during 2020 to all internal audit units.
Identified data driven audits delivered as per
the agreed annual Internal Audit Plan during
2019.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 18 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Strategic Objective 4 – To Enhance Internal Audit Business Processes
To continuously improve Internal Audit business and management processes.
GOALS ACTIONS WHAT SUCCESS LOOKS LIKE
4.1 Seek out and
embrace
innovative
approaches to
meet current
and future
internal audit
demands.
Examine and evaluate the potential for the
implementation of an audit management
system.
Enhance processes that facilitate audit
planning, tracking, budgeting, process
management, time management, resource
usage and reporting activities.
Leverage technology to increase and
automate audit activity where possible.
Implement optimal audit management
software solutions (where appropriate).
4.2 Maximise
internal
auditing
resources
through better
planning and
project
management.
Employ new audit assignment / project
management approaches to improve
efficiency and timeliness of audit processes
and to enable standardisation of approach
across the Internal Audit Division.
Internal Audits conducted using a
standardised approach.
Develop and operationalise standard
templates.
Templates agreed and adopted for
consistent delivery of quality audit
assignments, and included in the Internal
Audit Manual.
4.3 Reduce and
automate
administrative
and reporting
burden
Enhance the Internal Audit functional and
administrative reporting mechanisms to
focus on exception‐based reporting and
streamline the information collection for
reporting purposes.
Standardised reporting processes and
templates.
Internal Audit Manual formulated and
adopted for use across the Internal Audit
Division.
Consider the use of dashboards for
streamlined and concise management
reporting.
Internal Audit Dashboard for display of
management information delivered and
operational.
Centralise the tracking of Internal Audit
recommendations to ease administration
Centralised internal audit tracking function
in place and operating to agreed timelines.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 19 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
overhead, duplication of effort and to
standardise processes.
4.4 Enhance
efficiency of
Internal Audit
activities by
investing in
continuous
process
improvement,
professional
development,
quality
improvement
and quality
review.
Embed the Quality Assurance &
Improvement Programme (QAIP) as
established following the External Quality
Assessment (EQA) by the Institute of Internal
Auditors (2018).
QAIP actions identified and assigned to
responsible owners for delivery within
defined timeframes.
Update and embed the Internal Audit
Manual to standardise processes by having a
single audit methodology, to improve
quality, gain efficiencies and add to the
effectiveness of the Internal Audit team.
Internal Audit Manual developed and
adopted.
Encourage Internal Audit staff to stay
abreast of contemporary auditing
approaches and techniques.
Modern audit approaches and processes
adopted and in use.
Quarterly Professional Update Newsletter
for Internal Audit Division staff.
Conduct quality control and peer reviews,
for example on audit files.
Quality and peer reviews in place.
Build and develop Internal Audit team
members’ business acumen in focus areas to
increase audit efficiency, effectiveness and
audit value.
Staff development through cross‐training,
delivery of staff briefing days, seminars and
courses.
Close monitoring and active performance
management by local Internal Audit Office
Managers in the audit engagement planning
process to quality control audit scope and
test procedures.
Performance management and review
formalised and periodic team meetings and
status updates in place and operational.
Local Internal Audit Office Managers to
continue to review and sign key control
documents for each audit / assurance
Formalised sign‐off and review
arrangements in place and consistent across
the Internal Audit Division teams.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 20 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
engagement.
4.5 Integrate
information
technology to
improve the
overall
effectiveness
and efficiency
of operations
and to facilitate
ease of access
to information.
Review and make the necessary changes to
provide the effectiveness of work paper and
information technology software.
Improved, automated and reduced
duplication and manual administration
overhead.
Provide information technology training for
employees to enhance proficiency in various
desktop management, audit execution and
project management tools.
Training requirements identified and met as
appropriate through a Training Needs
Analysis exercise and Training and
Development Strategy/Plan
implementation.
Use of data interrogation tools already in
existence across the Internal Audit Division
i.e. IDEA, to reduce the use of manual testing
and evidence gathering.
Greater efficiencies gained as a result of the
widespread use of IDEA and other
technological tools for testing and evidence
gathering.
Ensure that the Internal Audit Division
internet and intranet presence is periodically
reviewed and updated with the most current
information available.
On‐line web presence reviewed and updated
periodically with relevant and current
information.
Regularly review and improve the quality of
audit reports by increasing the use of
available information technology tools to
gather, analyse and present factual data to
further enhance the accuracy, completeness
and timeliness of audit reports.
Consistent and accurate internal audit
reporting and assurance information.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 21 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Strategic Objective 5 – To Develop Our People
To develop and retain a sustainable, highly skilled workforce capability in the Internal Audit Division.
GOALS ACTIONS WHAT SUCCESS LOOKS LIKE
5.1 Attract and
retain internal
audit staff with
the right
balance of
education,
experience and
professional
skills and
competencies.
Analyse recruiting activities, identify
strengths and weaknesses in process, and
implement opportunities to improve the
recruitment and retention of Internal Audit
staff.
Conduct an Internal Audit Division job
specification review.
Conduct a review of Internal Audit
recruitment campaign advertising
arrangements.
5.2 Further train
and develop
the Internal
Audit Division
workforce.
Continually re‐evaluate the core training
requirements for all positions, review job
specifications and make appropriate changes
to enhance the skills of the workforce.
Develop a targeted Internal Audit staff
professional development strategy (Internal
Audit Training & Development Plan) to
ensure that the workforce has the
appropriate mix of skills, experience and
diversity.
Ensure that Internal Audit staff receive a
variety of audit and developmental
experiences (i.e. mentoring, leadership
programmes etc.) that prepare them to
succeed in the auditing profession.
Create a leadership development plan that
includes effective succession planning.
Conduct a Training Needs Analysis exercise
across the Internal Audit Division.
Continually review and benchmark accession
and retention rates to determine resource
gaps.
Periodic resource reviews conducted and
reported upon.
Encourage Internal Audit staff to participate
in membership of professional organisations
and hold professional qualifications.
Provide opportunities for staff membership
of relevant organisations.
Provide relevant professional development
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 22 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
opportunities as appropriate.
Organise periodic staff training days in areas
such as Data Protection, Data Analytics etc.
Annual Internal Audit Division staff days and
periodic subject briefings.
5.4 Promote the
building of
Internal Audit
staff’s
knowledge,
skills, abilities,
and job
satisfaction.
Promote relevant mentoring, training and
coaching to build staff knowledge, skills,
abilities and job satisfaction.
Internal Audit Division Staff Training &
Development Plan agreed and implemented.
Identify and develop each staff and
management member’s individual and
departmental development needs.
Training Needs Analysis exercise undertaken
to inform the Training & Development Plan.
Develop a quarterly Internal Audit
Newsletter providing information on good
governance, risk management, internal
controls and current industry internal audit
and security issues.
Quarterly Staff Newsletter developed and
circulated.
Assess internal audit outcomes and lessons
learned for information sharing purposes
across the Internal Audit Division.
Learning notes formulated and circulated.
5.5 Create and
maintain a
desired work
environment
that promotes
motivation and
satisfaction.
Conduct team building activities to
strengthen team bonding and
understanding.
Annual Internal Audit Seminar organised.
Provision for staff attendance as appropriate
at IIA Annual Conference and similar events
for continuous professional development
(CPD).
5.6 Utilise a co‐
sourced
delivery model
where
appropriate.
Explore the use of shared resources
(secondments) with other Health Service
divisions.
Opportunities evaluated and arrangements
put in place if or as appropriate.
Explore the possibility of establishing a
reciprocal guest auditor programme within
Opportunities evaluated and pursued if
deemed to be suitable between divisions or
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 23 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
the Audit sector.
organisations.
Continue to engage external expertise using
contracted resources as appropriate to
augment in‐house skills.
Best use of contracted resources ensuring
delivery of quality audit services.
5.7 Develop our
staff and help
them to reach
their full
potential.
Provide Internal Audit staff with wide
exposure to HSE’s service and business
divisions and continually reinvest in
developing the staff of Internal Audit using
successful on‐boarding and ongoing training
to help them to reach their full potential
within Internal Audit and the HSE.
A motivated Internal Audit team who feel
challenged and fulfilled in their work.
Internal Audit staff career progression
throughout the HSE.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 24 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
6. Evolving the Internal Audit Function for the Future
Although much of the work of the Internal Audit Division continues to centre on assessing operational risks and
the internal controls in place to mitigate these risks, we must increasingly look outwards to external threats such
as cyber‐attacks and the strategic risk posed by rapidly evolving technologies. We must be outward‐looking in
our Internal Audit Strategy and in the delivery of its objectives and key actions.
We will most likely be expected to do more in this area with the same resources and similar budgets, therefore
we must effectively prioritise audit work, continue to develop our risk based audit plans, pursuing efficient and
effective approaches to work.
Hiring / co‐sourcing subject matter experts, internal process improvements and adopting data analytics and other
technologies will help us to improve the delivery of audits and to increase the level of assurance provided to the
Health Service and TUSLA.
We must take the necessary steps to address skills gaps through recruitment, co‐sourcing or out‐sourcing, as well
as changing audit methods and models to optimise time and resources.
The bottom line is that there is an on‐going movement in the internal audit profession from manual, time‐
intensive auditing to technology‐enabled auditing practices that will enable the Internal Audit Division to deliver
on the evolving needs and expectations of our stakeholders.
It is vital that the Internal Audit Division continues to evolve to ensure that it continues to be an effective
assurance provider in this transformational landscape.
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N A L AU D I T D I V I S I O N
P AG E 25 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M A Y 2019
Appendix A – HSE Corporate Plan Goals
I N T E R N AL AU D I T D I V I S I O N – S T AT E M E N T O F S T R AT E G Y 2019-2021
HSE I N T E R N AL AU D I T D I V I S I O N
P AG E 26 O F 26 I N T E R N AL AU D I T D I V I S I O N S T R AT E G Y 2019 T O
2021 - 10 M AY 2019
Appendix B – Slaintecare Implementation Strategy Goals & Strategic Actions