PUBLIC BOARD 26 MAY Audit Committee Annual Report

Transcription

1 PUBLIC BOARD 26 MAY 2016 Audit Committee Annual Report Presented for: Presented by: Authors: Previous Committees Information and approval Caroline Johnstone, Chair, Audit Committee Caroline Johnstone, Chair, Audit Committee David Gregory, Head of Internal Audit Draft outline considered by Audit Committee on 5 April 2016 Trust Goals The best for patient safety, quality and experience The best place to work A centre for excellence for research, education and innovation Seamless integrated care across organisational boundaries Financial sustainability Key points 1. The Audit Committee summarises its activity each year in an annual report which is attached for information. 2. The work plan for the coming year 2016/17 is attached for endorsement by the Board. For information For approval 1

2 INTRODUCTION The purpose of this report is to provide assurance to the Trust Board that the Audit Committee has carried out its obligations in accordance with its Terms of Reference approved on 28 May The Committee reviewed the terms of reference (attached) during the year and confirmed no changes were required. BACKGROUND It is a formal requirement for all NHS Trusts to have an Audit Committee. Information about the appropriate operation of the Audit Committee is set out in the official NHS Audit Committee Handbook (Third Edition) published in The Audit Committee adheres to this guidance. This report describes the Audit Committee s activities from May 2015 to April In particular, it addresses various matters for which the Audit Committee has oversight for the Board: Financial reporting Risk management External audit Internal audit The system of internal control Governance arrangements, including the work of other Board committees The Chair escalates those matters that the Audit Committee considers should be drawn to the attention of the Board when presenting minutes of the Committee s proceedings to the next meeting of the Board. MEMBERS AND MEETINGS Caroline Johnstone, Deputy Chair of the Trust and Non-Executive Director, has remained as Committee Chair during the course of the year. There are two other Members of the Audit Committee; Allison Page and Carl Chambers. During 2015/16, the Audit Committee met formally on five occasions: 7 May, 27 May, 17 September, 3 December 2015 and 6 April 2016 (which was rescheduled from March 2016). We also met informally in July 2015 to have a private briefing on NHS pensions and a discussion on our approach to internal audit. Mrs Johnstone attended all five of the formal meetings during the year; Mr Chambers and Ms Page attended four of the five meetings. The meetings were quorate at all times. After each meeting, the Chair reported back to the next Trust Board meeting, drawing attention to those matters of significance for the Board. The draft minutes of the meetings are received by the Trust Board with a supplementary update provided by the chair. 2

3 The following are in regular attendance at the Audit Committee s meetings: Tony Whitfield, Director of Finance Mel Simmonds, Associate Director of Finance David Berridge, Deputy Chief Medical Officer Craig Brigg, Director of Quality Jo Bray, Trust Board Secretary David Gregory, Head of Internal Audit Representatives of External Audit (Grant Thornton and Mazars) Before each meeting, the Committee took the opportunity for a private meeting with either the external or internal auditors. In addition, the following have attended for specific items: Julian Hartley, Chief Executive for Annual Governance Statement and risk management. Mr Hartley attends a number of meetings during the year and is always available to the Committee Yvette Oade, Chief Medical Officer Dean Royles, Director of HR and Organisational Learning Andy Thomas, Director of Informatics Chris Slater, Head of Supplies for tendering and procurement David Hay for Financial Accounting Richard Schmidt and Lina Anderson, Local Counter Fraud Specialists for counter fraud Julia Roper for Trust policies and procedures Mike Harrop, Risk Associate for risk management Heather Lang, Merseyside Internal Audit Associate Other executive directors or managers may be requested to attend to discuss a particular issue with the members. Linda Pollard, Chair of the Trust, has observed a number of the Audit Committee s meetings during the year, as appropriate. AUDIT COMMITTEE WORKINGS The Audit Committee has a well-established Workplan & Calendar of Key Events which sets out its annual cycle of work and reporting. This is kept under regular review and often updated. The Audit Committee also works with the Board s other assurance committees and will receive matters for its consideration and refer matters to other committees for assurance purposes. The Chair of the Audit Committee is a regular observer at the Trust s Risk Management Committee where strategic and operational risks are considered by the Trust s senior management, together with Clinical and Corporate Service Unit leaders. This enables her to observe, test and report back to the Committee on the Trust s approach to risk management and the culture around risk in the Trust. 3

4 The members of the Committee also report back on their other sources of assurance; chairing consultant interviews, meeting the public at Medicine for Members events and the AGM, regular ward walk rounds and visits to areas of the Trust (announced and unannounced), attendance at other Board Committees and attending NHS leadership events for briefings. Each meeting commences with a focus on quality and other patient related issues. The general cycle involves the receiving of annual plans, the reviewing of progress through the year and the receiving the annual reports at the end of the year. There is a systematic recording of actions and completion by tracker and minutes. A new development this year is that, between meetings, whenever the Head of Internal Audit issues a 3 Triangle /Limited Assurance report (which is described below), this is also sent to the Members of the Audit Committee so that they are aware of the issues and recommendations as they are being raised. The Internal Audit Progress Reports always contain the Executive Summaries from the 3 Triangle /Limited Assurance reports issued in the period which provides a further opportunity for these to be considered by the Committee. The Committee will often seek a management response and/or invite the relevant director or senior manager to attend a future meeting to discuss the risks and mitigation being put into place. REVIEW OF COMMITTEE EFFECTIVENESS In January 2016, the Committee undertook a formal assessment of its own effectiveness, with a survey of members and attendees. Overall, members were satisfied with the way the Committee was operating. In the coming year, we will undertake some training for the Committee and some further benchmarking with other Audit Committees. WORK OF THE COMMITTEE 1.1 Annual Report and Accounts for [The Committee has considered the draft Annual report and Accounts for and has agreed to recommend that the Board approve these. In particular, it has reviewed and endorsed the annual governance statement and the statement on internal control in the Annual Report and Accounts.] TO CONFIRM ON 25 MAY External Audit Grant Thornton UK LLP s term of office came to an end after the Annual Accounts audit for The Audit Committee reviewed and agreed the Grant Thornton annual audit plan and other reports around their year-end audit. Their final meeting with the Audit Committee was on 3 December Mazars LLP has been appointed (for a period of two years) to undertake an audit of the Annual Accounts and will be their first year-end audit at the Trust. We reviewed the annual audit plan which was approved after discussion. 4

5 [We reviewed progress and final audit reports and management letters for ] No substantive matters were noted [although the external auditors have made a number of suggestions for improving controls]. We have discussed the differing treatment for of car leases, PFI building lifecycle costs and partially completed patient spells which has the effect of improving results for the year by some 7m in each case, the Trust is moving into line with other Trusts and the auditors consider this a reasonable approach, assuming we apply this consistently in future years. We have also challenged the level of balance sheet provisions at the year end and received assurances from both management and the external auditors that there has been no undue optimism or pessimism in estimates and judgements made. The Audit Committee has agreed that the External Audit of the Trust s Quality Account report will be presented to the Quality Assurance Committee. The Committee has reviewed the performance of the external auditors in and considers that the performance was acceptable. The Audit Commission was previously responsible for appointing our external auditors. Due to changes in legislation, the Trust will have the responsibility to appoint external auditors for the Trust for and future years and it was agreed that the Audit Committee would undertake the role of Auditor Panel to oversee the selection and appointment of external auditors and maintain an independent relationship with them. We have also agreed a working group to advise and support the Auditor Panel, comprising members of the Auditor Panel and senior finance team members. 1.3 Internal Audit The Committee has worked with the in-house Internal Audit (IA) team we reviewed and approved the Internal Audit strategy, annual plan and detailed programme of work. The IA plan embraces operational as well as financial and business areas and the Committee received a range of reports during the year regarding the Trust s clinical governance arrangements. All such reports are also shared with the relevant Board Committee. The Trust s own Internal Audit service has established a strategic partnership with Mersey Internal Audit Agency (MIAA) which is one of the largest NHS based Internal Audit services in the country. This has enabled the sharing of intelligence and has informed the design of Internal Audit s risk-based plans within the Trust going forward. The internal audit work was completed in line with the plan for , subject to any adjustments agreed by the Committee. A total of 40 Internal Audit reports were presented to the Audit Committee during these are assigned significance ratings from 1 to 4 (with 4 being the most significant and providing the lowest level of assurance). These ratings descriptors were reviewed and approved during the year. 5

6 During the year: No internal audit report received the lowest levels of assurance (4 ) classification which would indicate No Assurance. 10 internal audit reports (25%) were classified as 3 - indicating Limited Assurance. 19 internal audit reports (47%) received 2 (classified as Significant Assurance) and 10 internal audit reports (25%) received 1 (Full Assurance). 1 summary (3%) related to consultancy work and was unclassified. The ten reports which received 3 were: Overseas Visitors Private Patient Income Patient and visitor hotel accommodation Medical gases Radiology stores Car parking Registration Authority and Smartcards Referral to Treatment Local inductions Contract taxis The Committee reviews in detail the findings of all 3 reports and, in the coming year, management will be asked for a specific written response to internal audit reports. We will also ask responsible managers to attend the Audit Committee to review their intended actions to address 3 reports. The Committee has reviewed the performance of the internal auditors in and considers that this is satisfactory. 1.4 Follow up of internal and external audit recommendations Recommendations made by the external auditors are assigned similar significance ratings as Internal Audit reports. IA operates a system to monitor the implementation of agreed recommendations from both external and internal reports by management. This is reported to the Chief Executive every six months and is also monitored by the Audit Committee: The most recent report for indicated that in respect of the 113 outstanding recommendations, 73 (65%) of agreed recommendations have been implemented within the agreed dates. This is the same proportion as the summer 2015 position and an improvement on the previous year s position (54%). Of those recommendations not yet implemented, some 22 (19%) were due to be implemented within one to three months and 17 (15%) would take longer than 3 months. The remaining recommendation was no longer appropriate. 6

7 The Committee recognises some progress made in this area but we need to be better and we expect to see much further improvement in the coming year. In the coming year, we will review all high priority recommendations not implemented by the due date and require management to attend the Committee to explain their intended action plan. 1.5 Counter Fraud The Trust takes the prevention and detection of fraud very seriously and has Local Counter Fraud Specialists ( LCFS ) within its Internal Audit team. Each year, the Audit Committee receives and considers the annual Counter Fraud plan, regular progress reports and updates and the annual Counter Fraud report. The LCFSs were invited to attend the Audit Committee meeting on 17 September 2015 to give a presentation on Fraud Risk Areas which was followed by useful discussion on fraud prevention within the Trust. At the same meeting the Committee also approved an amendment to the Anti-Fraud, Bribery and Corruption Policy 1.6 Risk management During the year, the Committee continued to review the development of the risk management approach across the Trust. We reviewed the Risk Register and the developing Business Assurance Framework on a number of occasions and suggested changes and considerations for the executive team to consider. Julian Hartley attended the Committee to participate in these discussions. We also had a discussion on the approach to developing our approach to risk appetite across the Trust. 1.7 Strategic Risk Deep Dives During the year the Audit Committee identified significant strategic risks and invited management to give presentations and discuss the issues involved. During the Audit Committee considered: Nurse staffing the progress made over the past two years and the current challenges and risk mitigations in place. Southern Healthcare how the Trust has identified any lessons we can learn (the Quality Assurance Committee is responsible for oversight of mortality in the Trust). Whistle blowing processes and procedures across the Trust. Data quality and data governance. Losses and compensations paid by the Trust. Ensuring invoicing and payments received from overseas and private patients. Standards and Business Conduct ensuring all appropriate staff disclose interests, gifts, hospitality and sponsorships. Procurement processes and spend mapping. Risk Registers, the framework of Assurance and the Board Assurance Framework. 7

8 Review of the processes of Clinical Audit (detailed reviews of Clinical Audit are the remit of the Quality Assurance Committee). Cyber risks facing the Trust. We return to a number of these topics regularly and in the coming year, we will initially focus on procurement and cyber security. We will be keeping a careful watch on nurse staffing alongside the Board as a whole. 1.8 Assurance from Other Committees The Audit Committee s Terms of Reference (s.3.20) call on it to receive an annual letter of assurance, and other reports from time to time as required by applicable laws and regulations, from the Chairs of the Board s Committees to the effect that they have disclosed to the Committee and to the external auditor all significant deficiencies and material weaknesses in the design or operation of internal controls.. In line with its Terms of Reference, the Audit Committee invited all of the other assurance committees to provide their Annual Reports for and their Chairs to attend its meeting on 6 April to discuss these. Reports were received from: Finance & Performance Committee Carl Chambers Quality Assurance Committee Bill Kirkup Research, Education & Training Committee Yvette Oade Risk Management Committee Julian Hartley There was a helpful discussion around the topics chosen for deep dive reviews across Committees and the interaction between the Audit Committee and other Committees of the board. In addition, the Trust Chair holds regular meetings of the Chairs of all Trust Board Committees to discuss governance arrangements and their implementation and efficiency. 1.9 Assurance provided to External Audit In March 2016 Mazars contacted the Chair of the Audit Committee, as part of their normal year-end procedures, to ask those charged with governance (i.e. the Audit Committee) about the arrangements put in place to prevent and detect fraud; and to comply with applicable law and regulations. The response provided by the Chair to Mazars can be found at Appendix 1. CONCLUSIONS The Audit Committee confirms that it has fulfilled its role of providing assurance to the Board. As described above, the Audit Committee has received assurance through the course of the year from management, other assurance committees, the risk 8

9 management processes and progress reports from counter fraud, external and internal audit. This is further supported by the receipt of Annual Reports, including the Annual Governance Statement, the Head of Internal Audit Opinion Statement and the External Auditor s report on the Annual Accounts and the Quality Report. Based on this, the Committee is satisfied that the Trust s system of internal control, risk management and governance arrangements are adequate and satisfactory. We endorse the Annual Governance Statement and commend (tbc at 25 May 2016 meeting) the Annual report and Accounts for to the Board for approval (26 May 2016 meeting). Caroline Johnstone, Chair of the Audit Committee 17 May

10 - Appendix 1 Suresh Patel Director Mazars LLP Tower Bridge House St Katharine's Way London E1W 1DD Tel: Enquiries to: Caroline Johnstone Our Ref: CJ/DG/FK Date: 15 April 2016 Dear Suresh Re Request for Information With reference to your letter dated 15 March 2016, I am writing to provide you with the information you have requested on the specific topics set out in your latter. I am doing this in my capacity as Chair of the Leeds Teaching Hospitals NHS Trust Audit Committee which, for your purposes, may be considered part of those charged with governance at Leeds Teaching Hospitals NHS Trust. Much of the information contained within this letter will also be available to you as a regular attendee at Audit Committee s meetings. In particular, at the Audit Committee meeting on 5 May, we will discuss the annual Head of Internal Audit s Opinion Statement and the Chief Executive s draft Annual Governance Statement (AGS) for 2015/16. Prevention and detection of fraud and error The Trust s framework of governance gives prominence to the prevention and detection of fraud and the responsibilities of managers and staff in ensuring that risks are managed and suspicions reported. The Trust has specific policies covering the prevention and detection of fraud and error and whistleblowing. These plus other material are brought to the attention of all staff through dedicated intranet pages, screensavers, staff bulletins, payslip attachments and staff roadshow events. Supporting these measures is a published statement by our Chief Executive making it clear that we have a zero tolerance to instances of fraud. All of these measures are supported by our team of fully trained Local Counter Fraud Specialists (LCFSs) who work within our Internal Audit section and incorporate fraud risk assessments into their planned system reviews. This latter measure includes regular reviews of all key financial systems. The LCFSs attend meetings of the Audit Committee on an annual basis to discuss their work and current fraud risks. The Audit Committee receives regular updates on their activities. Internal Audit liaises closely with NHS Protect, the national Counter Fraud service, and the Head of Internal Audit chairs the national Counter Fraud Managers Group. 10

11 - Appendix 1 The findings of all audit reviews and investigations, with recommended actions, are reported to the Director of Finance and in summary to the Chief Executive. The Audit Committee receives regular reports and assurance that agreed actions have been implemented. While no control environment can be considered risk free I do believe that we take a wide range of measures to minimise the risk that of material misstatement arising from fraud or error. I am not aware of any specific events in this area at this time. Maintenance of internal control Complementing the points noted above, there is an overall control environment which encompasses policies in the shape of Standing Financial Instructions and Standing Orders, including a Scheme of Delegated Authority, and a framework of Board committees to scrutinise all aspects of performance. These include an Audit Committee and a Finance and Performance Committee, both of which are chaired by professionally qualified Non-Executive Directors. These committees scrutinise and challenge performance and receive regular reports on variances, policy breaches and assurance framework risks. I am assured through my role on the Audit Committee, membership of the Finance & performance Committee and meetings with the Director of Finance that there is a strong and independent Internal Audit function within the Trust and an equally strong team of senior finance professionals who manage transaction processing and reporting functions which themselves are designed to highlight exceptions. Regular budgetary reporting and reconciliations of key financial feeder systems are undertaken. These all combine to reduce the potential for significant errors or control breaches to go undetected. I am not aware of any significant breaches of internal control in 2015/16 that could materially impact the Trust s financial statements. Compliance with law and regulations The Trust s framework of governance, control and assurance is designed to ensure the Trust remains compliant with laws and regulations across every aspect of its business and that Directors become immediately aware of any suspected breach. We are of course subject to statutory regulation and inspection by very many bodies covering many aspects of what we do. These range from the Care Quality Commission to HM Revenue and Customs. There are numerous professional regulatory bodies to whom we are accountable and all of our professionally qualified staff, regardless of discipline, are personally accountable to their own professional bodies who themselves can take disciplinary measures. I am not aware of any significant non-compliance during 2015/16. Going concern There has been a preliminary assessment of the going concern assumption within the Finance senior team which was raised briefly at the Audit Committee meeting in December 2015 when our Accounting Policies for the year were considered. 11

12 - Appendix 1 There will be a formal paper prepared for Directors consideration as part of the year end accounts preparation and approval procedure when the reasons for considering that the going concern concept should apply will be put forward as a recommendation. The assumption of going concern is built on the fact that despite two years of planned deficits we have delivered outturn results in line with our plans. We have received revenue support from our regulator and been in a position to meet all of our cash obligations. From 1 April 2016 we are projecting a return to break even with no planned working capital borrowing. In the event that we do find revenue support necessary there are well defined and publicised mechanisms within the NHS financial framework for securing this. As you will be aware the Department of Health puts emphasis on continuity of service when considering going concern and there is no reason to believe that the services provided by the Trust are at risk. Our Annual Accounts and Annual Report will contain a declaration of going concern and explanation of why it is considered appropriate. I hope that the information provided in this letter meets with your needs and is of assistance to you in undertaking your annual audit. If you require any further information please contact me again. Yours sincerely Caroline Johnstone CAROLINE JOHNSTONE Non-Executive Director and Chair of the Audit Committee 12

13 - Appendix 2 Dates Agenda Item 0 Private Discussions The Leeds Teaching Hospitals NHS Trust Audit Committee Workplan and Calendar of Key Events Work Plan May 25 May A/Cs 24 Aug 1 Dec 8 Mar 0.1 External Audit 0.1 Internal Audit 1. Standing Items 1.1 Welcome and Introductions; Apologies for Absence; and Declarations of Interest Annual Statement of Independence 1.2 Patient and Clinical Focus: Deputy Chief Medical Officer - Quality and Director of Quality 1.3 Approval of Minutes of the Previous Meeting 1.4 Matters Arising and review of Action Tracker 1.4 Items from other Board Committees 2. Briefings 2.1 Chair of the Audit Committee 2.2 Director of Finance 3. Risk and Governance 3. Strategic Risk Area(s) 4. External Audit, Internal Audit and Anti-Fraud 4.1 External Audit 4. Progress Report and Briefing 4. Annual Plan and Fee Proposals 4. Interim Accounts Audit Report Final Accounts Audit Report (ISA 260) Annual Audit Letter Assessment of External Audit Performance 4.2 Internal Audit 4. Internal Audit Progress Report 4. Internal Audit Strategic and Annual Plans 4. Implementation of Audit Recommendations 4. Internal Audit Annual Report and HoIA Opinion Statement

14 - Appendix 2 Work Plan Dates 5 May 25 May 24 Aug 1 Dec 8 Mar Agenda Item A/Cs 4. Assessment of Internal Audit Performance 4. Review Two Capital Progress Annually 4.3 Counter Fraud 4. Counter Fraud Progress Report 4. Counter Fraud Annual Workplan 4. Counter Fraud Annual Report 5. Corporate Governance Reports 5. Audit Committee Annual Report 5. Corporate Risk Management Board Assurance Framework (Twice per year) Assurance on Corporate Risk Register 5. Annual Governance Statement (AGS) CE 5. Review of Draft Accounting Policies 5. Review of Draft Annual Report & Quality Account Update on process/ timescales / assurance 5. Final review of Annual Accounts and Financial Statements and Annual Report 5. Whistle-blowing Annual Review 5. Implementation of the Code of Business Conduct 5. Review of Policies 6. Matters for the Audit Committee 6. Annual Declaration of Independence by Audit Committee Members (Non-Executive Directors) 6. Review Audit Committee Terms of Reference 6. Standing Orders and Standing Financial Instructions and Annual Review 6. Losses & Compensations Report 6. Update on Debt Recovery: Overseas &PP 6. Single Tender Actions 6. Record of Use of the Seal 6. Report on Standards for Business Conduct Verbal Update each meeting 6. Annual Assurance on Clinical Audit Processes 6. Overview of Other Assurance Committees (NB Annual Reports and chairs covering letters) 6. Assessment of Audit Committee s Effectiveness 14

15 Dates Agenda Item (Incl. Impact Assessment) Self-assessment Work Plan External Audit assessment / benchmarking 6. Audit Committee Work Plan and Calendar of Key Events 7. Final Items Agenda Item 10.3(i) - Appendix 2 5 May 25 May A/Cs 24 Aug 1 Dec 8 Mar 7.1 Any other business 7.2 Matters to be drawn to the Board's attention by the Chair of the Audit Committee 7.3 Date of next meeting Other Issues Appointment of the External Auditors Reported Will need To report recommendation to 5 May specific to Trust Board by 31 Dec Establish Working Group to Support the Audit Cttee meetings 2016 hence by 24 Auditor Panel November