Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

Similar documents
NLG(18)319. DATE OF MEETING 28 th August Trust Board of Directors Public REPORT FOR. Marcus Hassall, Director of Finance REPORT FROM

United Lincolnshire Hospitals NHS Trust. Governance Statement 2015/16. Scope of responsibility. The governance framework of the organisation

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

Audit Committee Annual Report. Report of the work of the Audit Committee during 2014/15

Meeting of the Board of Dire 2010 in the boardroom. Audit committee annual report April March 2017

Annual Audit Letter. The Whittington Hospital NHS Trust Audit

Annual Audit Letter. Sheffield Teaching Hospitals NHS Foundation Trust. Year ending 31 March 2018

Surrey and Sussex Healthcare NHS Trust

Equality & Diversity- EDS2 Action Plan 2016/2017

JOB DESCRIPTION FACILITIES MANAGER

Report Title: Trust Board Assurance Committees, Quality Assurance Framework and Assurance Mapping

Information Governance Policy

Risk Management and Assurance Strategy

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST STRENGTHENING GOVERNANCE ARRANGEMENTS. Report to the Trust Board 24 May 2016

Policy:E7. Escalation Policy N/A. Appended below at Appendix B. Version: E7/01

Board Assurance and Escalation Framework

The Annual Audit Letter for Devon Partnership NHS Trust

Job Description. Operations Manager. Scheduled Care. Band 8A. Centre Manager. Centre Manager

SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT BOARD OF DIRECTORS ON 22 MAY 2018

Information Governance Strategy and Management Framework

INDUCTION POLICY AND PROCEDURE

Standard RED Amber Green Blue. Workforce planning and analysis to meet needs of. particular risk of harm

RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE

Appendix 1 Detailed Internal Audit Strategic Planning Process

Information Governance Strategic Management Framework

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY MEETING ORGANISATIONAL DEVELOPMENT FRAMEWORK UPDATE 2018/2019

INFORMATION GOVERNANCE STRATEGY. Documentation control

Gloucestershire Hospitals NHS Foundation Trust

Customer Support Group (CSG) Invoicing and Monitoring Arrangements. April 2016

Information Governance Management Framework Version 6 December 2017

West Kent Clinical Commissioning Group

Meeting Date 15 March 2018 Agenda Item 2b

Principal Objectives Delivery Plan 2012/13 APPENDIX A

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

THE ROYAL MARSDEN WELCOME AND ONBOARDING POLICY AND PROCEDURE

NHS Grampian (NHSG) Minute of the Audit Committee Meeting Tuesday 12 th December 2017, Seminar Room, Summerfield House

Board Assurance And Escalation Framework

Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities

Trust Board Meeting 04 May 2017

RISK MANAGEMENT STRATEGY

Audit Committee Annual Report. Director of Corporate Governance. Stage 1 only (no negative impacts identified)

Report on the Quality Account 2015/16

Workforce Race Equality Standard

Identifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk

Quality Impact Assessment Procedure. July 2012

Annual Audit Letter. South Central Ambulance Service NHS Trust Audit 2008/09 September 2009

Privacy Impact Assessment Policy and Procedure

Response to Hard Truths - Action Plan Update Quarter 4 (March 26 th 2014)

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Staff Training and Development Procedure

External Communications Strategy Summary

CORPORATE MANAGEMENT PLAN

Premises Assurance Model Annual Report

INTERNAL AUDIT PLAN AND CHARTER 2018/19

Report to the Board of Directors. Annual Self-Certifications Statements for South Tyneside NHS Foundation Trust

BOARD ASSURANCE FRAMEWORK

Executive Director of Workforce and Organisational Development. Workforce Projects Manager. Date ratified January Implementation Date

BOARD OF DIRECTORS TERMS OF REFERENCE OF SUB-COMMITTEES

CQC Strategic and High level Risk Register v /5/18

Item 9 Appendix 1. Introduction

MANDATORY AND STATUTORY TRAINING AND CORPORATE INDUCTION

Meeting Date 15 March 2018 Agenda Item 2d

INFORMATION GOVERNANCE STRATEGY

Risk Management Strategy Review. Deloitte recommendations and Implementation Plan

RISK MANAGEMENT STRATEGY

TRUST GOVERNANCE POLICY (formerly referenced as the CMFT Governance Strategy) - UPDATED NOVEMBER

Customer Transformation Programme: Phases 2-4. Interim Chief Operating Officer. Summary

Northern Ireland Social Care Council

City Auditor s Office 2017/18 Annual Audit Plan

2 Year Operating Plan Summary

Joint Report of PCC s Chief Finance Officer and Chief Constable s Director of Resources. Joint Audit Committee s Draft Annual Report for 2013/14

1. The NHS Health Scotland Board has established a Committee to be known as the Audit Committee.

Abertawe Bro Morgannwg University Health Board HEAD OF INTERNAL AUDIT OPINION & ANNUAL REPORT 2016/17. May NHS Wales Shared Services Partnership

Board Governance Statements for Self Certification

WELSH AMBULANCE SERVICES NHS TRUST

NHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17

Well Led Governance Review

MRS Handbook: Recruiter Accreditation Scheme

Writing a business case

APPENDIX 3 LOCAL CODE OF GOVERNANCE

Dudley & Walsall Mental Health Partnership NHS Trust Board

Scheme of Delegation The Brunts Academy

REPORT ON THE DISCHARGE OF STATUTORY FUNCTIONS FOR THE PERIOD 01/04/08 31/03/09

The Annual Audit Letter for Avon and Wiltshire Mental Health Partnership NHS Trust

JOB DESCRIPTION: DIRECTORATE MANAGER LEVEL 3. Job Description. Directorate Manager Level 3 Emergency Medicine Directorate

TO THE POLICE AND CRIME COMMISSIONER FOR MERSEYSIDE AND THE CHIEF CONSTABLE OF MERSEYSIDE JOINT AUDIT COMMITTEE ANNUAL REPORT

Supporting all NHS Trusts to achieve NHS Foundation Trust status by April 2014

Our Workforce Strategy. April 2017 March 2019

BUSINESS PLAN

NORTHERN IRELAND SOCIAL CARE COUNCIL BUSINESS PLAN 2016/17

NHS SHEFFIELD CLINICAL COMMISSIONING GROUP CONSTITUTION

Information Governance Policy

HUMAN RESOURCES POLICY Draft 3

NOT PROTECTIVELY MARKED. This paper is presented in line with the internal audit contract with Scottish Police Authority

Training and Development Policy

Audit Committee, 20 March Internal Audit Report Stakeholder Communications. Executive summary and recommendations.

COMMUNICATIONS STRATEGY

Risk Management Strategy, Policy and Guidance

Interim Audit Letter (Hywel Dda NHS Trust and Carmarthenshire, Pembrokeshire and Ceredigion Local Health Boards) Hywel Dda Local Health Board

TIAN Mandatory Training Benchmarking Review

Transcription:

Draft Internal Audit Plan 2012/13 (September 2012)

Contents 1. Introduction 2. Risk Assessment 3. Internal Audit Plan Appendix A: 3 Year Indicative Plan 1

1. Introduction MIAA s approach to planning focuses on covering the business critical systems over a rolling programme and ensuring delivery of a clear risk based approach. This plan and the completion of the assignments programmed within it will form the basis for delivery of the Director of Audit Opinion on the effectiveness of the system of internal control at the organisation in 2012/13. As an NHS preferred provider of internal audit and advisory services in the North West, our strategy is built upon quality and value. A fundamental aspect of our approach is to provide a cost-effective service that harnesses the benefits of scale to provide a highly skilled, flexible and responsive solution whilst remaining part of the NHS and ensuring NHS expertise. The achievement of value for money is an underpinning focus of our service across the range of assurances we provide to you. 2 Risk Assessment Internal Auditors must establish risk based plans to determine the priorities of internal audit activity, consistent with the organisation s goals (NHS Internal Audit Standards, 2010). MIAA s approach ensures a risk based approach that includes consideration of local risks, mandated audit assurance and contribution to supporting you in achieving your strategic objectives. Our audit plans are based on a risk assessment approach centred around discussions with senior staff and Non Executive Directors and linked to the organisation s Assurance Framework. The Internal Audit Plan is structured to meet the NHS Internal Audit requirements and provide the Director of Audit s Opinion which subsequently contributes to the Board s completion of the Annual Governance Statement (AGS). Local Risk Assessment An overview of the Risk Assessment to support the 2012/13 Internal Audit Plan is provided in the diagram overleaf. 2

Key strategic risks identified within the organisation s Assurance Framework are the failure to Sufficiently diversify and attract new income Achieve widespread change in clinical practice Achieve changes in how finance is allocated React to potential adverse impact of changes in national policies and commissioner restructuring Lead the local health economy to put the patient first Meet Monitor Compliance Framework and all other regulatory requirements Deliver patient safety, quality, productivity and efficiencies Release value from the estate 3

3 Internal Audit Plan The Audit Plan has been developed in accordance with Department of Health guidance, particularly the Operating Framework and the Next Steps review. This guidance acknowledges the wider control framework while ensuring financial control remains subject to appropriate coverage. In accordance with the requirements of the Audit Committee Handbook the plan aims to cover the two key roles of internal audit: The Provision of an independent and objective opinion to the Accountable Officer, the Board, and the on the degree to which risk management, control and governance support the achievement of the organisations agreed objectives. The provision of an independent and objective consultancy service specifically to help line management improve the organisation s risk management, control and governance arrangements. The content of our variant plan included in our tender submission has been revised following further risk assessment and discussions with Trust staff. We will conduct our audits in accordance with the mandatory standards and good practice guidance contained within the NHS Internal Audit Standards adopting MIAA s Quality System Documentation. 3.1 Proposed Internal Audit Plan Coverage The following sets out the proposed Internal Audit Plan for 2012/13. A detailed indicative 3 year plan is provided in Appendix A. 4

Director of Audit Opinion Internal Audit Plan 2012/13 Organisation Objectives 1. Safety, quality and the patient experience 2. Efficiency and business control 3. Development and diversification of services and models of care 4. Partnership working 5. The value of the Airedale brand 6. A workforce to deliver the service strategy Annual Governance Statement Critical Business Systems Internal Audit Assurance Financial Systems Core Financial Systems Locality /Departmental Reviews QIPP, Efficiency and Cost Improvement Contract Management IM&T IG Toolkit Project Assurance (Patient Administration System) Performance Data Quality PbR Readmissions Clinical Quality Care Quality Commission Clinical Audit Patient Experience Telemedicine - Clinical Governance Workforce HR and Payroll Governance, Risk & Legality Assurance Framework Risk Management Governance Arrangements 5

MIAA can also provide assurance / support in the following areas and the organisations may wish to consider on an ongoing basis throughout the year: Council of Governors, Membership Arrangements and Service User, Public Involvement To support the Trust through facilitating a review of the current arrangements in place in respect of Governors, Members and other Service User/ Public involvement. Self-Certification and regulatory reporting An assessment of the use of knowledge to obtain Trust wide assurances when producing regulatory reports. Penetration Testing Business focused penetration testing and vulnerability assessment services Information Security To review the requirements to deliver policy and procedure, train and management staff and implementing technical solutions in order to achieve practical yet robust security within the organization Risk Management Training and Support Delivery of Risk Management training at Board level and support to Divisions in respect of Assurance Framework development. Information Governance Training Provision of Information Governance refresher training. Sustainability: Carbon Footprint To provide assurance on the accuracy of the reporting of information. Following agreement to the plan a schedule of the timing for the audit reviews will be provided in the Internal Audit Progress Report. Liaison with your External Auditors will take place to ensure maximum benefit is derived from your total audit resource. 6

3.2 Fees The fees quoted within this plan are based upon the skill mix required to deliver the proposed coverage. Any input required in addition to the plan in respect of special investigations or departmental reviews will be charged in accordance with the skill mix required to deliver the work. All costs associated with such work will be agreed with the Director of Finance prior to commencement. 2012/13 ( ) Core Audit Plan 63,270 TOTAL 63,270 7

3.3 Audit Team In the delivery of our range of services we maintain a balance between having consistency in the staff working on your contract whilst introducing new staff with experience of working in other organisations. We have found this to be a very effective method of operating which has enabled our staff to develop familiarity and experience of your financial systems and the specific issues you face and has provided your staff with recognised points of contact with whom they can discuss audit issues. MIAA have developed robust management arrangements for the delivery of services as follows: 8

Appendix A: 3 Year Indicative Plan The following table provides an overview of the three year indicative plan. This will be subject to risk assessment each year. CORE AUDIT PLAN OUTPUTS 2012/13 2013/14 2014/15 FINANCIAL SYSTEMS Core Financial Systems Assurance will be provided in respect of key controls within the main financial systems. The scope of the review will be restricted to the key controls supplemented with analytical review and surveys. The systems incorporated in the review will include the following as appropriate:: Financial Reporting Financial Ledger Accounts Payable Accounts Receivable (income) Treasury Management Asset Management Stores Budgetary Control Locality/Departmental Reviews As part of a rolling programme of reviews across the FT, a cross system audit will be conducted. The overall objective is to review controls and systems in place at a local level and coverage will be considered on a risk based approach across all locations: activity recording clinical quality general and IT security, financial procedures, workforce, patients property, productive ward procedures, bank and agency staff requirement, and risk management Financial Systems Review The financial systems will be risk assessed on an annual basis and a specific systems identified for more detailed annual review QIPP, Efficiency and Cost Improvement (the scope of the review will consider previous internal audit work undertaken on the Trust s Cost Improvement Programme). Specific considerations for future years would be: Analytical review to identify duplicate payments Tenders and waivers Procurement Contract Management Assurance regarding the mechanisms established to support contract management with key commissioners including capture and Appendix - A 1

CORE AUDIT PLAN OUTPUTS 2012/13 2013/14 2014/15 reporting of activity. IM&T Information Governance Following the nationally mandated audit approach, developed by MIAA, we will consider the organisation s structures for delivering IG, the validity of scores recorded within the IG Toolkit and any resultant risk exposures. In addition, through discussions with senior managers, review of IG returns and review of the assurance framework and local risk registers we will target further work at key areas of risk. Project Assurance (Patient Administration System The objective will be to ensure that the Trust is applying a sound project management process to deliver the intended aims to quality, Specific considerations for future years would be:- Network Infrastructure Application Systems controls IT Asset Management IT Service Continuity Information risk assessment and management IT Service Governance & Management Data security System deployment End user computing (spreadsheets & databases) PERFORMANCE Data Quality To evaluate the systems and processes in place to ensure that Trust data reported is subject to adequate and appropriate validation procedures prior to being released and reported externally. PbR Readmissions To provide assurance that the Trust s readmission rates are calculated on a reasonable and transparent basis. Activity/Waiting List Management Review of the management framework in relation to the achievement of specified key activity and waiting time targets. A target would be selected and reviews would be performed on a cyclical basis subject to the FT s risk assessment. QUALITY Care Quality Commission Compliance with Regulations Following your registration we will work with you to review the systems and processes you have established relating to the new regulations including; ensuring consistency across the organisation, implementation of improvement / action plans and also the provision of pragmatic ongoing assurance from Ward to Board. Clinical Audit To provide an opinion on the robustness of the clinical audit system and the extent to which it is embedded in order that assurances can be confidently gained from its focus and outputs. Appendix - A 2

CORE AUDIT PLAN OUTPUTS 2012/13 2013/14 2014/15 Patient Experience To provide an assessment and developmental action plan regarding the mechanisms in place to ensure that patients receive as positive an experience as possible (reflective of the orientation of wider regulatory requirements). Telemedicine Clinical Governance - To review the clinical governance processes around the Trust s telemedicine systems. Safeguarding To provide an opinion on the systems in place at the Trust for Safeguarding Children and the Protection of Vulnerable Adults using Outcome measures from CQC Outcome 7 (Safeguarding people who use the service from abuse). CQuIN To provide assurance over the systems established for the capturing of information and monitoring of targets in relation to the expanded CQuINs. WORKFORCE Payroll / Human Resources (ESR) MIAA will provide an opinion as to the robustness of controls within the ESR system to ensure validity, accuracy, and timeliness of payments to employees. Workforce Systems Reviews The workforce systems will be risk assessed on an annual basis and a specific system identified for more detailed annual review. Specific considerations would be: Recruitment Processes Statutory and Mandatory Training Bank, Agency and Locum Staffing Vacancy Management Attendance Management Professional Registrations Consultants Contracts GOVERNANCE, RISK & LEGALITY Assurance Framework Opinion An annual opinion will be provided on the method by which the organisation produces, refreshes, manages and monitors Assurance Framework. Ensuring risks identified through the Annual Plan are reflected accurately within the Assurance Framework and are a key focus for the Board. Governance Arrangements A review of the Trust s recently revised governance structures focusing on the newly created Clinical Speciality Assurance Committee. Risk Management Arrangements Risk Management Strategy A review to provide assurance that the Trust s risk management arrangements are operating in accordance with the Risk Management Strategy. Appendix - A 3

CORE AUDIT PLAN OUTPUTS 2012/13 2013/14 2014/15 Specific considerations for future years would be: Risk Maturity Organisational risk maturity levels can range from risk enabled to risk naïve. The review will seek to assess the Trust s current level of maturity in order to inform our audit strategy and approach. Risk Management Committee contribution and attendance at the Trust s Risk Management Committee (or equivalent). Incident Management and Reporting - An opinion would be provided on the systems and processes applied for managing and reporting incidents (including SUIs). Complaints Management - To ensure compliance with the Complaints procedure and Department of Health guidance, an opinion would be provided on the systems and processes applied for managing complaints, taking into account the changes to national requirements. Emergency Preparedness To review and evaluate the arrangements in place in relation to emergency planning. The review will look specifically at the robustness of such plans, and the degree to which they have been tested. FOLLOW UP & CONTINGENCY Follow-up - will be conducted throughout the year to provide the Audit Committee with assurance regarding management s implementation of agreed actions. Contingency This element of the plan allows the flexibility to respond to management requests in order to meet specific client needs during the course of the financial year. AUDIT COMMITTEE, PLANNING & MANAGEMENT In providing an internal audit service an allocation of time is required for the management of the contract: Planning liaison and management - Incorporating preparation and attendance at ; completion of risk assessment and planning; liaison with the client and organisation of the audit reviews. Reporting and meetings - Key reports will be provided to support this, such as the Director of Audit Opinion and Annual Report, Annual Plan and Interim Update Reports. Appendix - A 4

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback