Upload
trantuyen
View
230
Download
3
Embed Size (px)
Citation preview
Draft Internal Audit Operational Plan 2013/14 Audit Committee And Audit Strategy 2013/16 21 May 2013
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
March 2013
NHS Wales Shared Services Partnership
Audit and Assurance Services
AGENDA ITEM 2.3
Contents Page
1 Introduction 2
2 Developing the audit strategy 2
3 Audit risk assessment 7
4 Planned audit coverage 7
5 Resource needs assessment 9
6 Action required 10
Appendix A – High Level Audit Universe – Grouped by Assurance Domains Appendix B – Audit Risk Assessment Methodology Appendix C – Strategic Audit Plan 2013/14 to 2015/16 Appendix D – Operational Audit Plan 2013/14
NHS Wales Audit & Assurance Services Page | 1
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
1. Introduction
The Accountable Officer is required to certify in the Annual Governance Statement that they have reviewed the effectiveness of the organisation’s governance arrangements, including the internal control systems, and provide confirmation that these arrangements have been effective, with any qualifications as necessary including required developments and improvement to address any issues identified. The purpose of Internal Audit is to provide the Accountable Officer and the Board, through the Audit Committee, with an independent and objective opinion on the degree to which the Health Board’s risk management, control and governance arrangements support the achievement of its agreed objectives. The opinion should be used to inform the Annual Governance Statement. Additionally, the findings and recommendations from internal audit reviews may be used by Health Board management to improve risk management, control and governance within their operational areas. The Welsh Government’s Internal Audit Standards for the NHS in Wales requires the Head of Internal Audit to develop and maintain an internal audit strategy designed to meet the main purpose of the internal audit activity and its service provision needs. This strategy must advocate a systematic and prioritised review, outlining the resources required to meet the assurance needs of the Accountable Officer, Board and Audit Committee. Accordingly this report sets out the risk based audit strategy for the period April 2013 to March 2016 for Cardiff and Vale University Local Health Board. The strategy includes an operational audit plan for the year 2013/14 and an indication of proposed coverage for the out-years 2014/15 and 2015/16. The internal audit activity will be provided by NHS Wales Audit & Assurance Services, a division of the NHS Wales Shared Services Partnership.
NHS Wales Audit & Assurance Services Page | 2
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
2. Developing the Audit Strategy
2.1 Link to Auditing Standards
The Audit Strategy for 2013/14 – 2015/16 has been developed in accordance with the Internal Audit Standard 2010 Planning to enable the Head of Internal Audit to meet the following key audit planning objectives:
• Provision to the Accountable Officer of an overall annual opinion on the
organisation’s risk management, control and governance, which may in turn support the preparation of the Annual Governance Statement;
• Audit of the organisation’s risk management, internal control and governance arrangements through periodic risk based plans which afford suitable priority to the organisation’s objectives and risks;
• Improvement of the organisation’s risk management, control and governance by providing line management with recommendations arising from audit work;
• Quantification of the audit resources required to deliver the planned audit strategy;
• Effective co-operation with external auditors and other review bodies functioning in the organisation; and
• Provision of both assurance and advice by internal audit.
2.2 Risk based audit planning approach
The risk based planning approach recognises the need for prioritisation of audit cover to provide assurance on management of risk and the strategy addresses these fundamental planning issues by considering the: • organisations risk assessment and maturity; • coverage of the audit universe; • coverage of through previous years activities; and • audit resources required to provide a balanced and comprehensive view. The audit strategy is also mindful of the significant national changes that are taking place through the Together for Health programme. In addition, the audit strategy aims to reflect the significant changes occurring locally within Healthcare in South Wales and changes within the organisation, including the introduction of Clinical Service Boards, assurance needs and key concerns identified from our discussions with management and emerging risks. Whilst some areas of risk control and governance require annual review, the risk based planning approach recognises that it is not possible to audit every area of an organisation’s activities every year and therefore provides a rational basis for the prioritised allocation of audit resources. A summary of our approach to developing the strategic audit plan is Figure 1 below.
NHS Wales Audit & Assurance Services Page | 3
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
Figure 1 Audit planning flow diagram
NHS Wales Audit & Assurance Services Page | 4
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
2.3 Link to the system of assurance
The risk based planning approach integrates with the Health Board’s system of assurance, thus we have considered the following: • A review of the Boards values and priorities; • An assessment of the Health Board’s governance and assurance
arrangements and the contents of the Risk Register and Assurance Framework;
• Risks identified in papers to the Board and its Committees (in particular the Audit Committee and Quality & Safety Committee);
• Key strategic risks identified within the corporate risk register and assurance processes;
• Cumulative internal audit knowledge of risk management, control and governance arrangements (including a consideration of past internal audit opinions);
• New developments and service changes; • Legislative requirements to which the organisation is required to
comply; • Other assurance processes including planned audit coverage of systems
and processes now provided through NHS Wales Shared Services Partnership (NWSSP);
• Work undertaken by other review bodies including Wales Audit Office (WAO) and Healthcare Inspectorate Wales (HIW); and
• Coverage necessary to provide reasonable assurance to the Accountable Officer in support of the Governance Statement.
An overview of the relationship between the organisational objectives key assurance domains and the internal audit plan is provided in the diagram in Figure 2. The mapping of the audit plan to the seven assurance domains is designed to give balance to the overall annual audit opinion which supports the annual governance statement. The identified auditable areas within these assurance domains are presented at a more granular level in Appendix A. The planned coverage of these areas within the annual and strategic planning timeframe is explained within the following section.
NHS Wales Audit & Assurance Services Page | 5
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
Figure 2 Internal audit assurance on key domains
Annual Governance Statement Assurance Domain
Annual Internal Audit
Opinion
Internal Audit Assurance
NHS Wales Audit & Assurance Services Page | 6
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
2.4 Audit planning meetings
In developing the plan, the Head of Internal Audit has met to discuss or made contact with each of the Executives including the Chief Executive at the Health Board to discuss current areas of risk and related assurance needs.
The first draft of this plan was discussed with Director of Finance and Audit Committee Chairman and also the Executive Management Team to ensure that the Internal Audit work was proving assurance across an appropriate range of risks.
3. Audit risk assessment The prioritisation of audit coverage across the audit universe is based on the organisations assessment of risk and assurance requirements as defined in the board assurance framework. The maturity of these risk and assurance systems allows us to consider both inherent risk (impact and likelihood) and mitigation (adequacy and effectiveness of internal control). Our assessment also takes into account corporate risk, materiality or significance, system complexity, previous audit findings, potential for fraud and sensitivity. The relationship between audit risk and frequency of coverage is documented at Appendix B.
4. Planned audit coverage
4.1 Strategic audit plan
The desired frequency of rotational coverage of the audit universe in Appendix A is determined by the audit risk assessment matrix in Appendix B. In practice audit judgement is applied in programming the strategic plan. This audit judgement is required to prioritise audits for the operational year ahead, give balanced coverage across seven assurance domains, recognise other sources of assurance, and reconcile needs with available audit resources. The sequencing in the strategic planning period also takes into account previous audit coverage and strategic coordination with other review agencies including Wales Audit Office and Health Inspectorate Wales. The proposed strategic coverage for the period 2013/14 – 2015/16 has been determined and is included in Appendix C.
NHS Wales Audit & Assurance Services Page | 7
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
Assurance on national transaction processing systems operated by NWSSP will be covered through the NWSSP audit plan and are cross referenced for completeness. Similarly those aspects of the plan which relate to capital and estates assurance to be covered through our Specialist Services Unit are also marked for reference. Given the specialist nature of this work and the assurance link with the all-Wales capital programme a separate plan will be provided in due course to address capital, procurement and estates management. Provision has also been made in the strategic plan for other essential audit work including audit planning, management, reporting and follow-up.
4.2 Operational audit plan
Within this overall prioritisation and proposed strategic coverage the operational plan for the year ahead can be defined in more detail. The Operational Audit Plan is set out in Appendix D and identifies the audit assignment, lead executive officer, outline scope, and proposed timing. Where appropriate the operational plan makes cross reference to key strategic risks identified within the assurance framework and/or corporate risk register and related systems of assurance. Audit coverage required in terms of capital audit and estates assurance and delivered by our Specialist Services Unit within the NHS Wales Audit & Assurance Services will be submitted for approval subsequent to this general internal audit plan. The operational audit plan will then be updated to integrate this specialist coverage. The scope objectives and audit resource requirements and timing will be refined in each area when developing the audit scope in discussion with the responsible executive director and operational management. The scheduling takes account of the optimum timing for the performance of specific assignments in discussion with management and Wales Audit Office requirements. The Audit Committee will be kept appraised of performance in delivery of the Operational Audit Plan, and any required changes, through routine progress reports to each Audit Committee meeting.
NHS Wales Audit & Assurance Services Page | 8
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
4.3 Keeping the audit plan under review
Our risk assessment and audit plan is limited to matters emerging from the planning processes indicated above. We will review and update the risk assessment and rolling strategic audit plan annually giving definition to the upcoming operational year and extending the strategic view outward. Internal audit are committed to ensuring its service focuses on priority risk areas business critical systems and the provision of assurance to management across the medium term and in the operational year ahead. Hence the plan will be kept under review and may be subject to change to ensure it remains fit for purpose. In particular the plan will need to be periodically reviewed to ensure alignment with the developing systems of assurance. Consistent with previous years and in accordance with best professional practice an unallocated contingency provision has been retained in the plan to enable internal audit to respond to emergent risks and priorities identified by the Executive Management Team and endorsed by the Audit Committee. Any change to the plan will be based upon consideration of risk and need and presented to the Audit Committee for approval. Regular liaison with the Wales Audit Office as your External Auditor will take place to coordinate planned coverage and ensure optimum benefit is derived from the total audit resource.
5. Resource needs assessment The needs based strategic audit plan indicates an aggregate resource requirement of 1250 days to provide balanced assurance reporting to the Chief Executive as Accountable Officer in accordance with the NHS Wales Internal Audit Standards. A provision is made within this resource for reviews covering Capital Schemes and Estates Assurance. This assessment is based upon an estimate of the audit resource required to review the design and operation of controls in review area for the purpose of sizing the overall resource needs for the strategic audit plan. Provision has also been made in the strategic plan and needs assessment for other essential audit work including planning, management, reporting contingency and follow-up. The top-slice funding passed to NWSSP is sufficient to meet these audit resource needs. The inclusive internal provision through NWSSP Audit & Assurance Services represents best value for NHS Wales in comparison with external commercial rates for the equivalent provision of these professional services.
NHS Wales Audit & Assurance Services Page | 9
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14 and Audit Strategy 2013/16
HIA Report
NHS Wales Audit & Assurance Services Page | 10
The NHS Wales audit standards enable internal audit to provide consulting and advisory services to management. The commissioning of these additional services by the Health Board is discretionary and therefore not included in the baseline strategic audit plan. Accordingly any requirements to service management consulting requests would be additional to the audit plan and will need to be negotiated separately.
6. Action required The Audit Committee is invited to consider the audit strategy and proposed operational plan and:
• Approve the operational audit plan for 2013/14; • Endorse the strategic view for the period 2014/15 and 2015/16; and • Note the associated audit resource requirements
James Johns Head of Internal Audit – Cardiff and Vale University Health Board Audit & Assurance Services NHS Wales Shared Services Partnership
Cardiff and Vale University Health Board High Level Audit Universe – Grouped by Assurance Domains
Appendix A
NHS Wales Audit & Assurance Services Page | 11
Cardiff and Vale University Health Board High Level Audit Universe – Grouped by Assurance Domains
Appendix A
NHS Wales Audit & Assurance Services Page | 11
Cardiff and Vale University Health Board Audit Risk Assessment Methodology
Appendix B
NHS Wales Audit & Assurance Services Page | 12
The prioritisation of each area is based on our assessment of audit risk in terms of inherent risk (consequence and likelihood) and mitigation (adequacy and effectiveness of internal control). Our assessment takes into account corporate risk, materiality or significance, system complexity, previous audit findings, potential for fraud and sensitivity.
The desired frequency of rotational coverage is determined using the NHS standard 5x5 risk assessment matrix; however audit judgement will be applied in determining the proposed coverage in the strategic plan:
5
Every three years
10 Every two
years
15 Every year
20 Every Year
25 Every year
4 Selective
8
Every three years
12 Every two
years
16 Every year
20 Every Year
3 Unlikely
6
Every three years
9 Every two
years
12 Every two
years
15 Every year
2 Never
4 Selective
6
Every three years
8 Every three years
10 Every two
years
Lik
elih
oo
d o
f in
here
nt
risk
Rar
e (1
) U
nlik
ely
(2)
Po
ssib
le (
3)
Pr
obab
le (
4)
Alm
ost
ce
rtai
n (
5)
1 Never
2 Never
3 Unlikely
4 Selective
5
Every three years
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
Consequence of inherent risk
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated Audit Area
NWSSP Audit Plan
Capital Audit Plan
Prior Year Audit
[RAYG]
Audit Risk Rating
[RAYG]
2013/ 14 2014/ 15 2015/ 16
Corporate governance, risk and regulatory compliance
Governance & Accountability module √ N/A √ √ √ Annual Governance Statement √ N/A √ √ √ Annual Report √ N/A √ √ √ Risk Management & Assurance √ N/A √ √ √ Review of Core Standards for Healthcare Services
√ N/A √ √ √
Policies and procedures N/A √ Fraud, theft & corruption N/A √ Corporate legislative compliance √
Legislative compliance: • Health & Safety Act • Human Tissue Act • MHRA • Waste Regulations • Equalities Act • Fire
√
√ √
√ √
Welsh Risk Pool – Claims Management Standard
√ Yellow √ √ √
Clinical service Boards Governance and accountability arrangements:
√
NHS Wales Audit & Assurance Services Page | 13
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated NWSSP Capital Prior Year Audit Risk 2013/ 14 2014/ 15 2015/ 16 Audit Audit Plan Audit Plan Audit Rating Area
[RAYG] [RAYG]
Risk management (inc. risk assessment and registers)
Amber √
Strategic planning performance management and reporting
Strategic planning √ Stakeholder engagement/ communication
√
Performance management/ reporting √ √ √ Commissioning and Contract Management
√ √
Partnership governance √ Environmental sustainability reporting √ N/A √ √ √ Business continuity planning √ Financial governance and management
Financial Improvements plans/ Financial management
Amber √ √
Income / Cash Debtors √ Green √ √ √ General Ledger Management √ Green √ √ √ Capital Asset Management √ Green √ √ √ NWSSP managed financial systems – Accounts Payable
√ √ √ √ √
NWSSP managed financial systems – Accounts Payable CAATS
√ √ √ √ √
NWSSP managed primary care √ √ √ √ √
NHS Wales Audit & Assurance Services Page | 14
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated NWSSP Capital Prior Year Audit Risk 2013/ 14 2014/ 15 2015/ 16 Audit Audit Plan Audit Plan Audit Rating Area
[RAYG] [RAYG]
contractor payments: General Medical Services General Dental Services General Ophthalmic Services General Pharmaceutical Services
E-expenses √ Private Patients √ Charitable Funds Amber √ √ √
Losses and compensation √ Petty Cash √ Patients Monies and Property √ Management of Capital Schemes √ √ √ √ Clinical governance quality & safety
Annual Quality Statement √ N/A √ √ √ Clinical Governance Framework √ Clinical Audit √ Infection control √ Medical equipment & devices √ Medicines management √ POVA √ POCA √
NHS Wales Audit & Assurance Services Page | 15
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated NWSSP Capital Prior Year Audit Risk 2013/ 14 2014/ 15 2015/ 16 Audit Audit Plan Audit Plan Audit Rating Area
[RAYG] [RAYG]
GP Out of Hours √ Continuing Healthcare √ √ Patient Experience √ Patient Outcomes √ Mortality Reviews √ Putting things right: complaints incidents & redress
√
Clinical Networks √ Learning from National Reviews / Alerts
√ √
Catering and food hygiene √ Information governance & security
Information management and governance
√ √ √
Medical records management including Caldicott compliance
√
Information management and technology
Information systems security √
Data protection
Freedom of Information
Data quality of non-financial performance information
√
NHS Wales Audit & Assurance Services Page | 16
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated NWSSP Capital Prior Year Audit Risk 2013/ 14 2014/ 15 2015/ 16 Audit Audit Plan Audit Plan Audit Rating Area
[RAYG] [RAYG]
Operational service and functional management
Clinical Service Boards: Governance and Control Arrangements
√ √ √
Localities √
Home Oxygen Services √ Public Health √ Primary Care Services √ √ √ Cardiff Health Access Practice √ Facilities √ Stocks and Stores √ Estates Assurance Reviews √ √ √ √
Workforce management
NWSSP managed systems – Payroll/ ESR
√ √ √ √ √
Payroll CAATs Staff PADRs √ Recruitment – qualification and CRB checking
√
E-Rostering √ √ Medical Staffing √ √ √ Management of temporary staffing (Bank, Agency and Locum staff).
√
Management of sickness and absence √
NHS Wales Audit & Assurance Services Page | 17
Cardiff and Vale University Health Board Strategic Audit Plan 2013/4 to 2015/16
Appendix C
Audit Plan and Strategic View
Planned output Mandated NWSSP Capital Prior Year Audit Risk 2013/ 14 2014/ 15 2015/ 16 Audit Audit Plan Audit Plan Audit Rating Area
[RAYG] [RAYG]
Occupational Health Services √
NHS Wales Audit & Assurance Services Page | 18
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Reference
Outline Scope Executive Lead
Outline timing
Corporate governance, risk and regulatory compliance (175)
Annual Governance Statement (5) Getting it right To provide an opinion and undertake specific areas of review to underpin the completion of the Statement.
Board Secretary
Q4
Governance & Accountability module (5)
Getting it right To provide an opinion on the process that has been adopted and the evidence recorded supports the self-assessment.
Board Secretary
Q4
Head of Internal Audit Annual Report (5)
Getting it right Mandatory requirement to comply with the Internal Audit Standards for the NHS in Wales and Annual Governance Statement.
Board Secretary
Q1
Risk Management & Assurance (40) Getting it right Overview of general governance and risk management arrangements. Undertake specific areas of review to support annual opinion.
Board Secretary
Q4
Standards for Healthcare Services (25)
Getting it right & Patient/ Citizen
To provide an opinion on the process that has been adopted for the Standards as approved by the Quality and Safety Committee
Director Nursing
Q4
Annual Quality Statement (15) Getting it right To provide an opinion on the process that has been adopted and the evidence recorded supports the self-assessment.
Board Secretary / Director Nursing
Q2
Claims Management (5) Getting it right / resources
In accordance with the Welsh Risk Pool Standards, we will review a sample of completed files to ensure that the required processes have been complied with.
Director Nursing
Q4
NHS Wales Audit & Assurance Services Page | 19
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
Risk management and assessment (40)
Getting it right
Examine the embedding of risk management process across the UHB
Board Secretary
Q3
Clinical Service board governance and accountability arrangements. (35)
Getting it right & Patient / Citizen
To review the governance and accountability arrangements with new CSBs .
COO Q3/4
Strategic planning performance management and reporting (150)
Discharges / ALOS (25)
Getting it right & Resources
Review systems and controls in place to manage the associated risks.
Director of Planning / COO
Q1/2
Continuing health care (25) Getting it right & Resources
Review controls in place to mange key risk areas associated with CHC.
COO Q1/2
Patient Access (25) Getting it right & Resources
Compliance with specific aspects of the Patient Access policy.
COO Q2
Third Sector / Voluntary Sector (25) Getting it right & Resources
To review the final framework established and To ensure risks identified in original report have been addressed.
Director of Planning
Q1/2
Operational Planning (30) Getting it right & Resources
Review op plan for assessments of risk, equality and PH issues.
Director of Planning
Q1/2
Sustainability Reporting (20) Getting it right To provide an opinion that the Health Board has robust systems in place to record and report minimum sustainability requirements as required by the Welsh Government.
NHS Wales Audit & Assurance Services Page | 20
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
Financial Governance and management (160)
General Ledger (20) Resources Review controls in place to mange key risk areas within the main financial systems
Director of Finance
Q3
Asset Management (20) Resources Review controls in place to mange key risk areas within the main financial systems
Director of Finance
Q3
Income / Cash / Debtors (20) Resources Review controls in place to mange key risk areas within the main financial systems
Director of Finance
Q3
Charitable Funds (25)
Resources Review governance arrangements, including the management of expenditure and donations. Review of controls in place for management of lottery.
Director of Finance
Q1
Research & Development (20)
Resources Review of systems implemented for managing Income and Expenditure
Medical Director
Q3
NWSSP managed financial systems (45)
• Accounts Payable • Procurement •
Resources Review controls in place to mange key risk areas within the main financial systems
Director of Finance
Q3
• NWSSP - Primary Care contractors ( nwssp plan)
Resources Review controls in place to mange key risk areas within the main financial systems
Director of Finance
Q3
Routine CAATs reviews (10) Resources Computer assisted audit techniques on accounts payable transactions
Director of Finance
Q1-3
NHS Wales Audit & Assurance Services Page | 21
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
Clinical governance quality and safety (135)
Infection Control (25) Patient /Citizen
Review the UHB’s systems and process implemented to manage key risk areas including structure, plans and monitoring.
Director of Nursing
Q1/2
Mortality & RAMI (25) Patient /Citizen
Review the UHB’s systems and process implemented to manage key risks, ensure accuracy of data and review key actions taken.
Medical Director
Q1/2
NPSA Alerts (25) Patient /Citizen
Review the UHB’s response to the dissemination and implementation of alerts
Director of Nursing
Q1/2
Medicines Management (15) Patient /Citizen
follow up - To ensure risks identified in original report have been addressed.
Medical Director
Q1/2
Catering Services and Food Safety Act (25)
Patient /Citizen
Review the UHB’s systems and process implemented to manage key risks
DCEO Q1/2
Prevention of Falls (20) Patient /Citizen
Review whether developed plans and pathways to reduce falls enacted
Director of Therapies
Q1/2
Information Governance and Security (65)
Information Governance – Caldicott, break glass (25)
Getting it right Review controls in place to mange key risk areas and following up of previous actions.
Medical Director
Q2/3
Individual IT Systems - Security Contingency / Recovery follow up (20)
Getting it right Review controls in implemented to improve contingency and back up arrangements
Medical Director/ D
Q3/4
NHS Wales Audit & Assurance Services Page | 22
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
following a previous system failure. CEO Individual IT Systems - Medical Physics System (20)
Getting it right Review controls in place to manage the system, including security, data, contingency planning and operations.
Medical Director / DCEO
Q1/2
Operational service and functional management (220)
Prison Health (20) Getting it right Review the UHB’s systems and process implemented to manage key risks to the service provided.
COO Q1/2
Stock & Stores (25) Getting it right Review the UHB’s systems and process for stock and stores management. Follow up on previous reviews
DCE/ COO Q1/2
Public health Improvement Targets (25)
Getting it right Review process in place to ensure that a selection of targets are to be achieved.
Director of Public Health
Q1/2
Prescribing (20) Getting it right To review the UHB’s systems and process implemented to manage key risks
COO / Medical Director
Q1/2
Management of Capital Schemes & Estates Assurance Work (130)
Getting it right / Resources
Specific schemes to be agreed by the Audit & Assurance Service Specialist Service Unit
Director of Planning
TBA
NHS Wales Audit & Assurance Services Page | 23
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
Workforce management (125)
NWSSP – payroll (35) Resources Review controls in place to mange key risk areas within the main financial systems
Director WOD
Q3
NWSSP CAATs (10) Resources Computer assisted audit techniques on payroll transactions
Director WOD
Q3
Management of staff and variable pay
(45)
Getting it right / Resources
Review of Establishment Controls, authorisation, rostering, linked with Absence Management. Review of controls in place to manage key risks of inappropriate expenditure across a number of CSB and departments.
Director WOD /COO
Q1/2
Management of Medical Locums follow up (15)
Getting it right / Resources
Follow up review of previously agreed actions. Medical director
Q2
ESR MSS implementation (20)
Getting it right / Resources
Review of implementation, set up, procedures and control environment.
Director WOD / DoF
Q2
Audit Management (220)
Contingency This element of the plan allows the flexibility to respond to management requests in order to meet specific Health Board needs throughout the course of the financial year.
Follow-up We will conduct follow-up reviews throughout the year to provide the Audit Committee with
NHS Wales Audit & Assurance Services Page | 24
Cardiff and Vale University Health Board Internal Audit Operational Plan 2013/14
Appendix D
Planned output Audit Outline Scope Executive Lead Reference
Outline timing
assurance regarding management’s implementation of agreed actions.
Management An allocation of time is required for the management of the service to the Health Board:- • Planning liaison and management –
Incorporating preparation and attendance at Audit Committee; completion of risk assessment and planning; liaison with key contacts and organisation of the audit reviews; and
• Reporting and meetings – Key reports will be provided to support this, including preparation of the annual plan and progress reports to the Audit Committee.
NHS Wales Audit & Assurance Services Page | 25