NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015
|
|
- Nancy Brooks
- 8 years ago
- Views:
Transcription
1 Internal Audit Annual Report 2014/15 May 2015
2 Internal Audit Annual Report INTRODUCTION This is the 2014/15 Annual Report by TIAA on the internal control environment at Dorset Clinical Commissioning Group. The annual internal audit report summarises the outcomes of the reviews we have carried out on the organisation s framework of governance, risk management and control. The Head of Internal Audit s annual opinion is designed to assist the Accountable Officer and the Governing Body in making their annual governance statement on internal controls assurance. SUMMARY HEAD OF INTERNAL AUDIT S ANNUAL OPINION I am satisfied that sufficient internal audit work has been undertaken to allow me to draw a reasonable conclusion as to the adequacy and effectiveness of Dorset Clinical Commissioning Group s internal control processes. In my opinion, I can give reasonable assurance that Dorset Clinical Commissioning Group has adequate and effective management, internal control processes to manage the achievement of its objectives. (Detailed Opinion statement is at Annex A) INTERNAL AUDIT PLANNED COVERAGE AND OUTPUT The 2014/15 Annual Audit Plan approved by the Audit and Quality Committee was for 210 days of internal audit coverage in the year. All the planned work has been carried out and the reports have been issued (Annex B). There was no work carried out which was in addition to the work set out in the Annual Audit Plan. OPERATIONAL ASSURANCE A number of factors have been considered as the contextual setting for our Head of Audit Opinion including: The Clinical Commissioning Group had an original planned surplus of 12,610k, which had been revised to 14,832k, as reported as being achieved in the draft accounts. This had arisen due to 2,222k returned to the Clinical Commissioning Group by NHS England under the risk pool for legacy continuing healthcare payments. TIAA carried out 16 assurance reviews, which were designed to ascertain the extent to which the internal controls in the system are adequate to ensure that activities and procedures are operating to achieve Dorset Clinical Commissioning Group s objectives. For each assurance review an assessment of the combined effectiveness of the controls in mitigating the key control risks was provided. Details of these are provided in Annex C and a summary is set out below. Assurance Assessments Number of Reviews Substantial Assurance 3 Reasonable Assurance 9 Limited Assurance 4 No Assurance 0 The areas on which the assurance assessments have been provided can only provide reasonable and not absolute assurance against misstatement or loss and their effectiveness is reduced if the internal audit recommendations made during the year have not been fully implemented. Page 2
3 We made the following total number of recommendations on our audit work carried out in 2014/15. The number in brackets refers to the number of these recommendations which had not been cleared by the year end. Urgent Important Routine 10(3) 44(19) 28(15) Control weaknesses: There were four areas reviewed by internal audit where it was assessed that the effectiveness of some of the internal control arrangements provided limited' assurance. Recommendations were made to further strengthen the control environment in these areas and the management responses indicated that the recommendations had been accepted. Follow up audit work has shown that progress is being made to implement the agreed actions. AUDIT SUMMARY Direction of Travel: This was the first year that we have analysed our findings/recommendations by risk area and these are summarised below. Urgent Important Routine Urgent Important Routine Operational Effectiveness Opportunities: One of the roles of internal audit is to add value and during the financial year we provided advice on opportunities to enhance the operational effectiveness of the areas reviewed and the number of these opportunities is summarised below. Operational 12 Urgent Important Routine Urgent Important Routine SIGNIFICANT ISSUES IDENTIFIED There were a number of issues identified during the course of our work in 2014/15 and these are summarised in Annex D. DESIGN & OPERATION OF ASSURANCE FRAMEWORK AND ASSOCIATED PROCESSES The Governing Body Assurance Framework was revised during the year to make it a more practical tool. It is a live document with better engagement from executives and it is updated monthly with links to evidence of positive assurance obtained. The strategic risks have been identified with their individual related corporate risks. A reasonable assurance opinion was provided on the audit work as some areas of improvement were noted, see Annex D. Page 3
4 RANGE OF INDIVIDUAL OPINIONS ARISING FROM RISK-BASED AUDITS IN THE YEAR Of the 16 reports issued during 2014/15, three were issued with a substantial assurance, nine with reasonable assurance and four with limited assurance opinions. See Annex C for further details. RELIANCE PLACED UPON THIRD PARTY ASSURANCES During the year I have liaised with the CCG s external auditors and Local Counter Fraud Specialist. We note that year end assurances have not yet been made available from the Shared Business System service auditors. INDEPENDENCE AND OBJECTIVITY OF INTERNAL AUDIT There were no limitations or restrictions placed on the internal audit service which impaired either the independence or objectivity of the service provided. PERFORMANCE AND QUALITY ASSURANCE The following Performance Targets were used to measure the performance of internal audit in delivering the Annual Plan. ADDED VALUE During the year TIAA has supported the CCG and its Audit and Quality Committee through the provision of regular updates, briefings, fraud alerts, networking opportunities, benchmarking reports and other technical digests. Our report formats and audit systems have continued to be enhanced in order to help clients focus on key issues arising. We have also invested in development of an online client portal, including action tracker, which will be made available from 2015/16. TIAA has been involved in the design phase of the Dorset Clinical Service Review project, providing timely input into governance arrangements, audit trails and reporting structures. RELEASE OF REPORT The table below sets out the history of this Annual Report. Date Report issued: 13 th May 2015 Performance Measure Target Attained Completion of Planned Audits 100% 100% Audits Completed in Time Allocation 100% 100% Final report issued within 10 working days of receipt of responses Compliance with Public Sector Internal Audit Standards 95% 100% 100% 100% Ongoing quality assurance work was carried out throughout the year and we continue to comply with ISO 9001 standards. An independent review was carried out and this confirmed our work was carried out in accordance with the IIA-UK Professional Standards. Page 4
5 Annexes Annex A Head of Internal Audit Opinion on the Effectiveness of the System of Internal Control for the Year Ended 31 March 2015 The purpose of my annual HoIA Opinion is to contribute to the assurances available to the Accountable Officer and the Governing Body which underpin the Governing Body s own assessment of the effectiveness of the organisation s system of internal control. This Opinion will in turn assist the Governing Body in the completion of its Annual Governance Statement. My opinion is set out as follows: 1. Overall opinion; 2. Basis for the opinion; and 3. Commentary. My overall opinion is that o Reasonable assurance can be given that there is a generally sound system of internal control, designed to meet the organisation s objectives, and that controls are generally being applied consistently. However, some weakness in the design and/or inconsistent application of controls, put the achievement of particular objectives at risk; The basis for forming my opinion is as follows: 1. An assessment of the design and operation of the underpinning Assurance Framework and supporting processes; and 2. An assessment of the range of individual opinions arising from risk-based audit assignments, contained within internal audit risk-based plans that have been reported throughout the year. This assessment has taken account of the relative materiality of these areas and management s progress in respect of addressing control weaknesses. Additional areas of work that may support the opinion will be determined locally but are not required for Department of Health purposes e.g. any reliance that is being placed upon Third Party Assurances. Page 5
6 Annex B Actual against planned Internal Audit Work 2014/15 System Type Planned Days Actual Days Comments Continuing Healthcare (Adults) Assurance Personal Healthcare (Adults) Assurance Governance Arrangements around the appointment and monitoring of the Facilities Contractor Assurance 5 5 IT Asset Hardware Management Assurance Contract Monitoring Provider Services Compliance Corporate Governance Arrangements Assurance Safeguarding Children Assurance Clinical Commissioning Programmes Assurance Financial Controls Compliance Information Governance Toolkit v12 Compliance Governance Arrangements around primary care Assurance Follow up audit on topics with limited assurance Assurance Assurance Framework and Risk Management Assurance 8 8 Organisational Development Assurance Contract Monitoring of the Commissioning Support Services Compliance Patient Transport Services Compliance Clinical Services Review Advisory Benchmarking Advisory 6 6 Audit & Quality Committee preparation and attendance N/A 8 8 Page 6
7 Attendance and preparation at the Quality Group, Information Governance Group and CSR Project Group N/A Annual Report, Annual Plan, Management of the plan N/A Follow up of progress on actions and liaison with other bodies N/A Page 7
8 Annex C Assurance Assessments 2014/15 System Substantial Assurance Reasonable Assurance Limited Assurance No Assurance Continuing Healthcare (Adults) Personal Healthcare (Adults) Assurance Review of the Governance Arrangements around the appointment and monitoring of the Facilities Contractor IT Asset Hardware Management Contract Monitoring Provider Services Corporate Governance Arrangements Safeguarding Children Clinical Commissioning Programmes Financial Controls Information Governance Toolkit v12 Governance Arrangements around primary care Follow up audit on topics with limited assurance Assurance Framework Organisational Development Contract Monitoring of the Commissioning Support Services Patient Transport Services Page 8
9 Significant Issues Identified during 2014/15 Annex D The findings of all audit reports issued to date from the Annual Plan, as well as progress against any outstanding at this time, have been reported to the Audit and Quality Committee through interim reports during the year. The key issues, or themes, that emerged from the internal audit work are set out below. Continuing Healthcare (Adults) Progress in implementing the Information Governance action plan had been slow; There were inconsistencies between processes in the CHC departments in the East and the West of the county even though standard procedures are in place; specifically the use of medical records logs; Procedures to confirm changes in the status of clients require strengthening; and CHC adverse incident reports were not being closed on a timely basis. Personal Health budgets (Adults) Contract arrangements with PHB providers and independent support agencies do not exist for PRO-Disability and Enham and could not be obtained at the time of the audit for the other three agencies; PHB care and financial reviews were not always carried out after the first three months; and Action was not always taken to rectify the situation where the PHB bank balance considerably exceeds the threshold of six weeks allocated PHB budget. Governance Arrangements around the appointment and monitoring of the Facilities Contractor The Facilities Contractor utilised his own Company to undertake work and Dorset CCG was not aware of the conflict of interest; Non-compliance with SFIs for quotes and reports to the Governing Body; Lack of documentation to support financial monitoring; Lack of clear documentation to support changes to the works specification; and Lack of documentation to support some key decisions Page 9
10 IT Hardware Asset Management IT Hardware Asset Management policy and procedures are to be developed; The CCG s IT hardware assets were not recorded on one IT hardware asset management system; There was no process to reconcile IT hardware asset purchases with the IT Hardware Asset Register; The Deane IT hardware asset list was incorrect; No sample check had been performed of IT hardware for GPs in the East of the County; A check be performed to confirm software agents installed on IT assets are connecting to the Snow asset system; The information currently recorded on the Snow system was insufficient; and The CCG s hard drive destruction record was not complete and accurate. Corporate Governance Arrangements (including conflicts of interest) Dorset CCG has made progress in embedding conflicts of interest processes. Some recommendations were made to enhance this process; Dorset CCG has published on its website a number of registers of interests covering in excess of 150 individuals. Audit testing did identify that the register for Paid GPs, CCP members and Other register was incomplete; In some cases, Locality Group meeting lunches or events had been sponsored by drug companies. This had not been made aware to the Governing Body Secretary; and During the period tested, Dorset CCG had awarded a total of 37 contracts without competition. Since the introduction of the enhanced authorisation processes, scrutiny and reporting of these contracts is being undertaken. Assurance Framework The Governing Body Assurance Framework focusses on sources of assurance rather than an assessment of the control an assurance and its impact on the delivery of strategic risk. A number of areas were identified where more evidence does exist but it had not been included; and Page 10
11 Work on mapping the remit of committees and groups and the completion of a template by each to confirm that they have scrutinised and agreed with the assurances detailed is being introduced. The ordering of the controls in the document to reflect the level of assurance provided will assist in understanding the impact of the assurances provided. Clinical Services Review Advisory work by TIAA to support the Dorset Clinical Services Review project. Specific advice around the governance arrangements and documentation of audit trails to support the products from the work-streams. Financial Controls Robust financial accounting processes were operating throughout the organisation; Month end routines were established for the production of reliable and timely formal reports to the Governing Body; and Local payroll controls were operating effectively for the areas tested. Information Governance Toolkit (v12) The CCG had provided sufficient evidence to support its self-assessed scores. Page 11
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationInterim Audit Report. Borough of Broxbourne Audit 2010/11
Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes
More informationAnnual Governance Statement 2013/14
31 Annual Governance Statement 2013/14 1. SCOPE OF RESPONSIBILITY ESPO is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money
More informationInternal Audit Strategic and Annual Plans 2015/16
Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationINTERNAL AUDIT CHARTER AND TERMS OF REFERENCE
INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More information2 Matters to report from internal audit work completed during the period
1 Introduction Appendix A 1.1 This report summarises the work undertaken during the nine months of the year to 31 December 2011 by the council's Internal Audit Service under the internal audit plan for
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationLONDON BOROUGH OF HARROW. Overview & Scrutiny Committee
LONDON BOROUGH OF HARROW Meeting: Overview & Scrutiny Committee Date: 27 April 2004 Subject: Internal Audit Plan 2004/05 Key Decision: Responsible Chief Officer: No Executive Director, Business Connections
More informationREVIEW OF THE FIREWALL ARRANGEMENTS
WEST DORSET DISTRICT COUNCIL REVIEW OF THE FIREWALL ARRANGEMENTS Report issued: December 2007 The matters raised in this report are only those, which came to the attention of the auditor during the course
More informationIT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS
NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor
More informationHead of Internal Audit:
Head of Internal : Opinion on the effectiveness of the system of Internal Control at Northern Devon Healthcare NHS Trust for the year ended 31 March 2010 Roles and responsibilities The whole Board of Directors
More informationInternal Audit Division
Internal Audit Division at the Financial Conduct Authority Information Pack April 2013 Contents of Information Pack A. Introduction B. Internal Audit Terms of Reference C. Organisation D. Skills and Competencies
More informationDacorum Borough Council Final Internal Audit Report
Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service
More informationInternal Audit Charter. Version 1 (7 November 2013)
Version 1 (7 November 2013) CONTENTS Details Page EXECUTIVE SUMMARY... 2 1. BACKGROUND... 3 10. PSIAS REQUIREMENTS... 3 12. DEFINITION OF THE CHIEF AUDIT EXECUTIVE (CAE)... 4 14. DEFINITION OF THE BOARD...
More informationAPPENDIX C. Internal Audit Report South Holland District Council Project Management
APPENDIX C Internal Audit Report South Holland District Council Project Management Date: 20th December 2012 Contents Introduction and Scope 1 Executive Summary Assurance Opinion Key Messages 2 3 Management
More informationHPSS Financial Management Standard
Statement of Standard HPSS Financial Management Standard The organisation has robust financial management systems and an effective system of internal control over the use of its financial resources. Overview
More information1.1 Terms of Reference Y P N Comments/Areas for Improvement
1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing Final Report FU16 12/13 09 October 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 2 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationCAMBRIDGE CITY COUNCIL
Agenda Item CAMBRIDGE CITY COUNCIL REPORT OF: Director of Business Transformation TO: Civic Affairs Committee 25 June 2014 WARDS: All INTERNAL AUDIT: REVIEW OF EFFECTIVENESS 2013 / 2014 1 INTRODUCTION
More informationThe Audit Findings for NHS Bristol Clinical Commissioning Group
The Audit Findings for NHS Bristol Clinical Commissioning Group Year ended 31 March 2015 21 May 2015 Barrie Morris Engagement Lead T 0117 305 7708 E Barrie.Morris@uk.gt.com Hannah Jones Audit Manager T
More informationStates of Jersey Comptroller & Auditor General
States of Jersey Comptroller & Auditor General Code of Audit Practice (Prepared under Article 18 of the Comptroller and Auditor General (Jersey) Law 2014) 28 November 2014 Foreword Independent external
More informationGovernance and Audit Committee 23 November 2015
Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on
More informationPerformance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08
Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution
More informationRisk Management Strategy
Risk Management Strategy Version: 8 Approved by: Quality and Governance Committee Date approved: 31 July 2014 Ratified by: Trust Board of Directors Date ratified: Name of originator/author: Head of Patient
More informationBest Value toolkit: Information management
Best Value toolkit: Information management Prepared by Audit Scotland July 2010 Contents Introduction 2 The Audit of Best Value 2 The Best Value toolkits 4 Using the toolkits 4 Auditors evaluations 5 Best
More informationInternal Audit Quality Assessment Framework
Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationFramework Agreement between the Department of Health and the NHS Trust Development Authority. Annex C: Finance and Accounting
Framework Agreement between the Department of Health and the NHS Trust Development Authority Annex C: Finance and Accounting 2014 1. The Framework Agreement sets out the governance and accountability arrangements
More informationType of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience
More information2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.
REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a
More informationConsultancy spending approval process: Initial guidance to NHS foundation trusts
Annex One Consultancy spending approval process: Initial guidance to NHS foundation trusts Summary 1. Monitor, the NHS Trust Development Authority (TDA) and NHS England are jointly implementing an approval
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More information7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers
Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4
More informationCorporate. Security Management Policy. Document Control Summary. Contents
Corporate Security Management Policy Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims Implementation Date: Review
More informationAudit Committee of the UK Statistics Authority. Terms of Reference - March 2010
Audit Committee of the UK Statistics Authority Terms of Reference - March 2010 1. Introduction 1.1 On 1 April 2008 the UK Statistics Authority formally assumed powers under the Statistics and Registration
More informationInternal Audit Plan 2015/16
(Including Strategic Plan 2014-2017) Contents Executive Summary 1. Internal Audit Plan Approach 1.1 Internal Audit Plan Requirements 1.2 Plan Methodology 2. Your Strategic Internal Audit Plan 2.1 Risk
More informationNorth West Surrey CCG - Head of Ambulance Contracts. Job Description
North West Surrey CCG - Head of Ambulance Contracts Job Description Job Title: Band: Responsible to: Responsible for: Accountable to: Head of Ambulance Contracts Band 8c Associate Director of Contracts
More informationInformation Governance and Risk Stratification: Advice and Options for CCGs and GPs
Information Governance and Risk Stratification: Advice and Options for CCGs and GPs 1 NHS England INFORMATION READER BOX Directorate Medical Operations Patients and Information Nursing Policy Commissioning
More informationAUDIT COMMITTEE 25 JUNE 2015
AUDIT COMMITTEE 25 JUNE 2015 AGENDA ITEM 13 Subject: ANNUAL INTERNAL AUDIT REPORT 2014/15 Report by: AUDIT AND INVESTIGATIONS MANAGER Enquiries contact: Ray Joy (01245 606424) Email ray.joy@chelmsford.gov.uk
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationStatement of responsibilities of auditors and audited bodies: Local authorities, NHS bodies and small authorities.
Statement of responsibilities of auditors and audited bodies: Local authorities, NHS bodies and small authorities. 1. This statement serves as the formal terms of engagement between appointed auditors
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationReview of DBS Data Retention Policy
Review of DBS Data Retention Policy October 2015 Contents Distribution of Report... 3 EXECUTIVE SUMMARY... 4 Key Observations and Recommendations... 4 DETAILED FINDINGS: DATA RETENTION POLICY REVIEW...
More informationSenate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University
SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee
More informationInternal Audit Annual Report 2011/12
1 Introduction 1.1 In accordance with the Code of Practice for Internal Audit in Local Government in the United Kingdom, the Internal Audit Annual Report 2011/12 for Cheshire East contains the following:
More informationBOROUGH OF POOLE JOB DESCRIPTION
BOROUGH OF POOLE JOB DESCRIPTION SERVICE UNIT: Culture and Community Learning JOB TITLE: REF No: GRADE: I JE REF No: MLOGI RESPONSIBLE TO: Museum and Arts Manager WORKING DAYS: 2 days (14.8 hours) a week
More informationVersion No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy
Version No: 2 Date: 27 July 2015 Data Quality Policy Assistant Chief Executive Planning & Performance Data Quality Policy Contents 1. Summary Statement 2. Context 3. Purpose 4. Scope 5. Detail of the policy
More informationDRAFT. Report to Governors on the Quality Report 2015/16. Royal United Hospitals Bath NHS Foundation Trust] Year ended 31 March 2016 16 May 2016
Report to Governors on the Quality Report 2015/16 This version of the report is a draft. Its contents and subject matter remain under review and its contents may change and be expanded as part of the finalisation
More informationSCRUTINY COMMITTEE ITEM 04 28 MARCH 2012
SCRUTINY COMMITTEE ITEM 04 28 MARCH 2012 INTERNAL AUDIT PLAN Report of the: Director of Finance Contact: John Turnbull or Gillian McTaggart Urgent Decision?(yes/no) No If yes, reason urgent decision required:
More informationSteve Turpie, Chair of Audit Committee David Swales, Assistant Director of Finance
PRESENTED BY: PREPARED BY: DATE PREPARED: 27 June 2013 1 Background 1.1 The Audit Committee of West Suffolk NHS Foundation Trust is established under Board delegation with approved Terms of Reference that
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationNHS COUNTER-FRAUD AND SECURITY MANAGEMENT
Restricted Appendix 17 Adult and Community Services County Hall, Colliton Park Dorchester Dorset DT1 1XJ Direct Line: 01305 22 Fax: 01305 224325 Minicom: 01305 267933 We welcome calls via text Relay NHS
More informationBrighton and Sussex University Hospital NHS Trust
Brighton and Sussex University Hospital NHS Trust Year Ending 31 March 2013 Annual Audit Letter July 2013 Ernst & Young LLP Executive summary Ernst & Young LLP 1 More London Place London SE1 2AF Tel: +44
More informationNote the Chief Internal Auditor s findings to date and gain assurance from Officers that key issues raised are being addressed.
Agenda Item No: 9 To: Joint Audit Committee Date: 24 September 2014 By: Chief Internal Auditor Title: Internal Audit Update Report 2014-15 Purpose of Report: The purpose of this report is to give an opinion
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationHigh Assurance Overall, very good management of risk. An effective control environment appears to be in operation.
ANNEX 1 AUDITS COMPLETED AND REPORTS ISSUED The following categories of opinion are used for audit reports. Level of High Overall, very good management of risk. An effective control environment appears
More informationAudit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance
Audit Report for South Lakeland District Council People and Places Directorate Neighbourhood Services Audit of Grounds Maintenance Cumbria Shared Internal Audit Service: Internal Audit Report 7 th November
More informationThe Audit Findings for NHS Dorset Clinical Commissioning Group
The Audit Findings for NHS Dorset Clinical Commissioning Group Year ended 31 March 2015 27 th May 2015 Barrie Morris Director T 0117 305 7708 E barrie.morris@uk.gt.com Hannah Morris Manager T 0117 305
More informationAudit, Risk and Compliance Committee Charter
1. Background Audit, Risk and Compliance Committee Charter The Audit, Risk and Compliance Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah
More informationReport of the Audit and Risk Committee
10 December 2014 Council 7 To consider Report of the Audit and Risk Committee Issue 1 Twice a year the Audit and Risk Committee prepares a report for Council which details the work it has undertaken since
More informationDate of meeting: 26 March 2013 36/13
NHS Sussex Board Item Number: Date of meeting: 26 March 2013 36/13 Title of report: NHS Sussex Transition and Closedown Report Recommendation: The Board is asked to discuss and approve the Transition and
More informationIFAD Policy on Enterprise Risk Management
Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationPublic Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector
Public Sector Internal Audit Standards Applying the IIA International Standards to the UK Public Sector Issued by the Relevant Internal Audit Standard Setters: In collaboration with: Public Sector Internal
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationVersion: 3.0. Effective From: 19/06/2014
Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016
More informationCompliance. Group Standard
Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationSmart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)
Smart Meters Programme Schedule 2.5 (Security Management Plan) (CSP South version) Schedule 2.5 (Security Management Plan) (CSP South version) Amendment History Version Date Author Status v.1 Signature
More informationCheshire Fire Authority
Cheshire Fire Authority Internal Plan 2013/2014 Presented at the Cheshire Fire Authority meeting of: 17 April 2013 Lisa Randall Head of Internal 1 INTRODUCTION This document sets out the approach we have
More informationPublic Sector Internal Audit Standards
Public Sector Internal Audit Standards Table of Contents Section 1 Introduction 3 Section 2 Applicability 6 Section 3 Definition of Internal Auditing 8 Section 4 Code of Ethics 9 Section 5 Standards 12
More informationNHS Risk Management and Organising Requirements
www.nhsprotect.nhs.uk Standards for providers 2015-16 Security management Standards for providers 2015/16: Fraud, bribery and corruption Click here for index page Standards for providers 2015-16: Security
More informationPerth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01
Perth & Kinross Council Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08 External Audit Report No: 2008/01 Draft Issued: 11 February 2008 Final Issued: 29 February 2008 Contents Page Page
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationEssex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion
Essex Fire Authority Fleet Management Internal Audit Report (4.12/13) 28 February 2013 FINAL Overall Opinion Essex Fire Authority Fleet Management 4.12/13 CONTENTS Section Page Executive Summary 1 Action
More informationGUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES
Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY
More informationDIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Appendix 1b REVIEW OF CHEQUE HANDLING PROCESS
DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Appendix 1b REVIEW OF CHEQUE HANDLING PROCESS DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Report Distribution List
More informationPractice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM
October 2010 Practice Note 10 (Revised) AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM The Auditing Practices Board (APB) is one of the operating bodies of the Financial Reporting
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationAn Introduction to Continuous Controls Monitoring
An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationProcess for advising on the feasibility of implementing a patient access scheme
Process for advising on the feasibility of implementing a patient access scheme INTERIM September 2009 Patient Access Schemes Liaison Unit at NICE P001_PASLU_Process_Guide_V1.3 Page 1 of 21 Contents (to
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationDraft Annual Governance Statement
Draft Annual Governance Statement APPENDIX Scope of Responsibility The Isle of Wight Council is responsible for ensuring that its business is conducted in accordance with the law and proper standards and
More informationAvon & Somerset Police Authority
Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Final Report FU17 12/13 30 th May 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4 7 30
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationSECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT
SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing
More informationExternal Audit: Annual Audit Letter 2005-06
INFRASTRUCTURE, GOVERNMENT AND HEALTHCARE External Audit: Annual Audit Letter 2005-06 Wrightington, Wigan and Leigh NHS Trust 28 September 2006 AUDIT Content The contacts at KPMG in connection with this
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationa) To achieve an effective Quality Assurance System complying with International Standard ISO9001 (Quality Systems).
FAT MEDIA QUALITY ASSURANCE STATEMENT NOTE 1: This is a CONTROLLED Document as are all quality system files on this server. Any documents appearing in paper form are not controlled and should be checked
More informationBest Value toolkit: Performance management
Best Value toolkit: Performance management Prepared by Audit Scotland July 2010 Contents Introduction The Audit of Best Value The Best Value toolkits Using the toolkits Auditors evaluations Best Value
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More information