Internal Audit Plan 2015/16

Transcription

1 (Including Strategic Plan )

2 Contents Executive Summary 1. Internal Audit Plan Approach 1.1 Internal Audit Plan Requirements 1.2 Plan Methodology 2. Your Strategic Internal Audit Plan 2.1 Risk Assessment 2.2 Proposed Internal Audit Plan Coverage 2.3 Risk areas to be kept under review 2.4 Fees 2.5 Added value integral to plan Appendix A: 2015/16 Detailed Operational Plan Appendix B: Your Team P a g e 1

3 Executive Summary Introduction This plan describes how MIAA will deliver your internal audit services in 2015/16. The plan is based on our local risk assessment and shows how our work aligns to your strategic risk assessment. We have included our 3 year audit strategy and developed a detailed operational plan for 2015/16. In Section One we confirm that this risk based Internal Audit Plan has been developed in compliance with national standards and guidance. We provide detail about the MIAA planning methodology and how the work we do in the year informs the Director of Audit Opinion which in turn contributes to your Annual Governance Statement. Proposed audit coverage and fees for 2015/16 Our local risk assessment in Section Two sets out the process we have followed to arrive at the areas for review. The plan takes into account the Clinical Commissioning Group s (CCG s) own risk and assurance framework, discussions with a wide range of officers and our broader knowledge of the NHS. For 2015/16 the key areas of coverage are: Access to Services Core assurances in respect of Better Care Fund (Operational Arrangements), Continuing Healthcare and CSU Wind Down. Transparency and Governance Independent assurances on your arrangements for your Assurance Framework, along with support on Management Accounts Technical Processes and Balance Sheet Review. Patient Participation and Customer Service Specialist assurance on your arrangements for Patient Experience. Informed Commissioning Assessment of your Information Governance Toolkit and key reviews to provide assurance in respect of Co Commissioning (Baseline Assessment) & Conflict of Interest and Fundamental IT Security. Higher Standards Assurance to be provided on the core systems and processes underpinning Integrated Care. P a g e 2

4 Appendix A sets out the detailed operational plan for 2015/16 as well as outlining the scope of the reviews, and the proposed fees for the 2015/16 plan are The plan will continue to be delivered through a highly skilled multi-disciplinary team (see Appendix B). In addition to the core plan, MIAA will continue to provide the following added value services integral to your service: MIAA Insights Range of briefing notes on key topic areas, providing a series of prompts for Governing Body members, and a newly launched (2014) benchmarking and best practice series. For more information contact R&D@miaa.nhs.uk MIAA Events Continued provision of local events delivered with high calibre national speakers, with series focussed on Non-Executive Directors / Lay Members, Chairs, Audit Committee members and wider CCG / Trust interest groups. For more information contact miaa.admin@miaa.nhs.uk Flexibility of the plan We continuously update our understanding of the risks facing the CCG through National insights, our regular liaison meetings with CCG officers and keeping an oversight of Governing Body and Committee agendas. We recognise that we may need to update the audit plan during the year as different risks emerge, and we will naturally keep you informed about any proposed changes to the plan. Any changes will be discussed with the Chief Finance Officer and approved through the Audit Committee. As an NHS preferred provider of internal audit and advisory services in the North West and into Yorkshire, our strategy is built upon quality and value. A fundamental aspect of our approach is to provide a cost-effective service that harnesses the benefits of scale to provide a highly skilled, flexible and responsive solution whilst remaining part of the NHS and ensuring NHS expertise. P a g e 3

5 1. Internal Audit Plan Approach The Internal Audit Plan approach ensures that you are provided with a comprehensive service that can support the Governing Body and in discharging their governance responsibilities. The Internal Audit Charter with the CCG also sets out further details of the underpinning requirements and relationships with you. 1.1 Internal Audit Plan Requirements The internal audit plan is developed following a comprehensive risk assessment aligned to your strategic objectives. As set out within the Public Sector Internal Audit Standards: Internal Auditors must establish risk based plans to determine the priorities of internal audit activity, consistent with the organisation s goals. (Public Sector Internal Audit Standards, 2012) In accordance with the requirements of the Handbook (HfMA, 2014) the plan covers the two key roles of internal audit: The provision of an independent and objective opinion to the Accountable Officer, the Governing Body, and the on the degree to which risk management, control and governance support the achievement of the organisations agreed objectives. The provision of an independent and objective consultancy service specifically to help line management improve the organisation s risk management, control and governance arrangements. The delivery of the risk based internal audit plan underpins the provision of a Director of Internal Audit Opinion on the effectiveness of the system of internal control at the CCG, which in turn supports the CCG s Annual Governance Statement (see figure 1 below). P a g e 4

6 Figure 1 Internal Audit Plan Requirements Recognising the breadth of coverage needed to provide a comprehensive internal audit service and deliver a wide ranging Director of Audit Opinion, MIAA ensures that our specialist functions are integral to the delivery of our core audit programme. 1.2 Plan Methodology Our audit plan methodology is based on best practice and has been developed in accordance with professional standards. The planning methodology also ensures contribution to supporting you in achieving your strategic objectives and coverage of your business critical systems over a rolling programme. P a g e 5

7 Our risk assessment approach is aligned to your strategic risk assessment (see figure 2 below), utilising your assurance framework, annual plan and other key documents. The approach also involves discussions with key officers, and brings our knowledge and experience of the challenges facing the sector and specifically CCGs. Aligned Strategic Risk Assessment Environment Risk Analysis, including sector Risks, developments, and regulatory requirements. Assessment of the organisation s risk maturity (this is an overview of the governance, risk management and assurance processes). Review of the Assurance Framework, Risk Registers and Annual Plan. Discussions with Governing Body members and management interrelated with an understanding of the s assurance requirements. Business Critical Systems Ensuring review of all business critical systems over the life of the contract. Incorporating regulatory requirements. Liaison with External Audit and other assurance providers to ensure coordinated audit assurance. Audit Methodology Periodic audit planning supported by an annual plan that is developed from the Assurance Framework. Specific local risk assessment to set the scope and objectives for individual assignments. System mapping and evaluation to ensure risk based focus on testing. Figure 2 Audit Planning Risk Based Approach During the establishment of the plan and through the prioritisation of coverage, we consider the audit resource requirements. Any impact on the integrity of the plan, including those relating to resources, will be brought to the attention of the Audit Committee. P a g e 6

8 2 Strategic Internal Audit Plan Your Strategic Internal Audit Plan has been derived following the risk assessment process outlined in section 1.2 above. 2.1 Risk Assessment A key focus of the risk assessment is understanding your vision and ensuring that the internal audit plan contributes to your objectives. This in turn ensures that the assurance provided is built around your risks. The high level risk assessment of the CCG is provided below and this underpins the proposed audit plan coverage set out in section 2.2. Understanding your vision Salford CCG will ensure the delivery of excellent health outcomes for the population it serves in the borough of Salford, maintaining clinical excellence and value for money. Contributing to achieving your objectives Helping the population stay healthy and live longer in all areas of the Borough. Commissioning high quality services which reflect the requirements of the population delivering good clinical outcomes, good patient experience and value for money within available resources. Developing an effective commissioning organisation that puts the patient first. Being an organisation that consistently delivers its statutory duties. P a g e 7

9 Assurance built around your risks Failure to: Establish robust contracting arrangements and underpinning financial planning and management. Discharge statutory duties. Mitigate governance, risk and assurance failure Work in partnership and engage patients and other stakeholders. Make informed decisions underpinned by robust data quality. Achieve higher standards and improve outcomes. Failure to identify gaps in systems and processes that support the management of HCAIs across the health economy. Recognise early failures of quality in services. Deliver financial targets. 2.2 Proposed Internal Audit Plan Coverage This section sets out the proposed strategic three year Internal Audit Plan which is based on the full risk assessment and prioritises coverage on a combination of risk rating, organisational impact and recognition of the CCG s wider assurance mechanisms. The Strategic Internal Audit Plan is subject to risk assessment each year, or more frequently as the need arises. A detailed operational plan for 2015/16 demonstrating the risk source in relation to each output is provided in Appendix A. CORE AUDIT PLAN OUTPUTS 2014/ / /17 ACCESS TO SERVICES BCF Benchmarking CSU Wind Down Better Care Fund Operational Arrangements / CHC Local Authority Pooled Budgets Continuing Healthcare Urgent Care Tendering / Procurement P a g e 8

10 CORE AUDIT PLAN OUTPUTS 2014/ / /17 TRANSPARENCY AND GOVERNANCE Assurance Framework Opinion Corporate Governance Compliance Equality and Diversity Serious Untowards Incidents & Investigations Management Accounts - Technical Processes and Balance Sheet Review Property Services PATIENT PARTICIPATION AND CUSTOMER SERVICE Raising of Concerns Patient Experience Communications INFORMED COMMISSIONING Mental Health Commissioning Partnership Working Outcomes Based Commissioning Information Governance Co-Commissioning - Baseline Assessment & Conflict of Interest Stakeholder Engagement Baseline Assessment Fundamental IT Security Review Personal Health Budgets HIGHER STANDARDS Prescribing Incentive Scheme Performance Management/Use of Information Use of Personal Identifiable Data Integrated Care Organisation Demonstrating Social Value FOLLOW UP & CONTINGENCY Follow-up Contingency AUDIT COMMITTEE, PLANNING & MANAGEMENT Planning liaison and management Reporting and meetings P a g e 9

11 2.3 Risk Areas to be kept under review The following risk areas were identified as part of the strategic risk assessment and are not currently prioritised within the Internal Audit Plan coverage. This assessment is based on both the risk rating of these areas and consideration of the CCG s other assurance mechanisms. These reviews will be considered as part of the ongoing risk assessment and could be incorporated into a rolling programme should risks and assurances change. Safeguarding Risk Stratification Emergency Preparedness Nursing / Residential Homes Quality Assessments Healthcare Associated Infections Any Qualified Provider Early Warning Systems 2.4 Fees The fees quoted within this plan are based upon the skill mix required to deliver the proposed coverage. Any input required in addition to the plan in respect of special investigations or specialist reviews will be charged in accordance with the skill mix required to deliver the work. All costs associated with such work will be agreed with the Chief Finance Officer prior to commencement. 2014/15 ( ) 2015/16 ( ) Core Audit Plan 42,000 42,000 Additional to Plan - - TOTAL 42,000 42,000 MIAA is committed to providing value for money to our clients and has been continually enhancing the way in which our services are delivered to ensure efficient and effective provision. Since 2009/10 MIAA have continued to maintain the fees at the same level and absorb cost pressures and inflation through continuous improvement. P a g e 10

12 2.5 Added Value Integral to Plan The following benefits are also provided to you as integral to our service. Thought Leadership Events MIAA has developed excellent reputation for the quality of its learning and development events. We have a number of different streams of events including NED/ Lay Member development events, Chair and Board/Governing Body events and Audit Committee Chairs events. These events are offered free of charge irrespective of the number of delegates you would wish to attend. MIAA Insights In 2014 MIAA launched a new MIAA Insights series which provides benchmarking on key topic areas, sharing of best practice and brings the value to you of our knowledge and understanding across 60 NHS organisations. The briefing note series which has been in place for some time will now form part of the Insights work stream. P a g e 11

13 Appendix A: 2015/16 Detailed Operational Plan The 2015/16 operational plan is provided below. The risk source references the utilisation of your assurance framework, annual plan and other key documents, discussions with key officers, along with our knowledge and experience of the challenges facing the sector and specifically CCGs. The CCG will also need to seek assurance for the services upon which it relies from other bodies, including the Commissioning Support Unit. CORE AUDIT PLAN OUTPUTS Risk Source Proposed Timing Exec Lead ACCESS TO SERVICES CSU Service Contracts Wind Down The review will consider the management of key risks associated with the withdrawal of services from CSU. Key areas will be identified in discussion with management. Audit Risk Assessment Q1 Steve Dixon (Chief Finance Officer) & Hannah Dobrowolska (Director of Corporate Services) Better Care Fund (Operational Arrangements) The review will consider the operational arrangements in place at the CCG and with its key partners to effectively manage the work programmes. Assurance Framework Q4 Steve Dixon(Chief Finance Officer) Karen Proctor (Director of Commissioning) Continuing Healthcare This review will consider the CCGs arrangements for managing the risks associated with CHC. Dependent upon the SLA with the CSU we will evaluate performance management, risk escalation, quality and financial monitoring mechanisms. Assurance Framework Q3 Karen Proctor (Director of Commissioning) TRANSPARENCY AND GOVERNANCE Assurance Framework Opinion An annual opinion will be provided on the method by which the organisation produces, refreshes, manages and monitors its Assurance Framework. Ensuring risks identified through the Annual Plan are reflected accurately within the Assurance Framework and are a key focus for the Board. The Opinion s primary purpose is to inform the Annual Governance Statement referred to in the paragraph above. Assurance Framework Q4 Hannah Dobrowolska (Director of Corporate Services) Management Accounts Technical Processes and Balance Sheet Review MIAA will undertake a Balance Sheet Review and evaluate the technical processes for Management Accounts. Assurance Framework Q3 Elaine Vermeulen A p p e n d i x A 1

14 CORE AUDIT PLAN OUTPUTS Risk Source Proposed Timing Exec Lead (Deputy Chief Finance Officer) PATIENT PARTICIPATION AND CUSTOMER SERVICE Patient Experience MIAA will undertake a baseline assessment of the CCGs approach to consider how the various activities to understand and improve patient experience are currently configured and to provide suggestions on possible future developments. Assurance Framework Q2 Hannah Dobrowolska (Director of Corporate Services) Francine Thorpe (Director of Quality and Innovation) INFORMED COMMISSIONING Co Commissioning (Baseline Assessment) & Conflict of Interest MIAA will undertake a baseline assessment of the arrangements in place to ensure NHS England Standards and Guidance is complied with. As part to the review MIAA will evaluate the systems and processes in place to declare, record and monitor conflict of interest throughout the CCG in line with the changes on the commissioning landscape. Assurance Framework Q3 Hannah Dobrowolska (Director of Corporate Services) Fundamental IT Security Review This review will provide assurance that the fundamental security controls operated by the IT service provider to protect user accounts and data are effectives, fit for purpose and aligned to business requirements Assurance Framework Q2 Steve Dixon (Chief Finance Officer) Information Governance Following recommendations from the Care Quality Commission, the Department of Health (DH) has stated that it is best practice that every organisation has its information governance (IG) processes and returns reviewed by Internal Audit on an annual basis. Recommended Best Practice Q4 Steve Dixon (Chief Finance Officer) HIGHER STANDARDS Integrated Care MIAA will evaluate how the CCG is working with their partners and delivering on the wider integrated agenda including measuring outcomes. Assurance Framework Q3 Karen Proctor (Director of Commissioning) FOLLOW UP & CONTINGENCY Follow-up This will be conducted throughout the year to provide the with assurance regarding management s implementation of agreed actions. Mandated Requirement A p p e n d i x A 2

15 CORE AUDIT PLAN OUTPUTS Risk Source Proposed Timing Exec Lead Contingency This element of the plan allows the flexibility to respond to management requests in order to meet specific client needs during the course of the financial year. Mandated Requirement AUDIT COMMITTEE, PLANNING & MANAGEMENT In providing an internal audit service an allocation of time is required for the management of the contract: Planning liaison and management - Incorporating preparation and attendance at ; completion of risk assessment and planning; liaison with the client and organisation of the audit reviews. Mandated Requirement Reporting and meetings - Key reports will be provided to support this, such as the Director of Audit Opinion and Annual Report, Annual Plan and Interim Update Reports. Mandated Requirement Following agreement of the plan a schedule of the timing for the audit reviews will be provided in the Internal Audit Progress Report. Liaison with your External Auditors will take place to ensure maximum benefit is derived from your total audit resource. A p p e n d i x A 3

16 Appendix B: Your Team In the delivery of our range of services we maintain a balance between having consistency in the staff working on your contract whilst introducing new staff with experience of working in other organisations. We have found this to be a very effective method of operating which has enabled our staff to develop familiarity and experience of your systems and the specific issues you face and has strong relationships to be built with your staff. Tim Crowley Managing Director SPECIALIST SERVICES Dave Orme Senior IM&T Manager IM&T Team Steve Connor Commercial Director Karan Wheatcroft Operations Director Debbie Rimmer Head of Healthcare Quality HQ Team David Gozzard Associate Medical Director Michael Gregory GP Advisor Roger Causer Local Anti Fraud Specialist LCFS Team Tahira Jabeen Senior Audit Manager Audit Team Jayne Wainwright Capital Audit Manager Capital Team Associate Consultants Figure 3 Your Team Tim Crowley (CPFA) Director Tel: Tim.crowley@miaa.nhs.uk Steve Connor (CPFA, MBA) Commercial Director Tel: steve.connor@miaa.nhs.uk Tim has worked in senior audit, assurance and governance roles in the health sector for over 30 years. As Director of MIAA he leads an organisation with a national reputation for the delivery of audit and assurance services to the NHS. In particular, he has a track record of achievements in the areas of standard setting and development; assurance design; and board engagement on audit and assurance matters. Steve has overall responsibility for MIAA business development along with the delivery, performance and resource management across all of MIAA s clients. This includes keeping MIAA at the forefront in terms of Internal Audit practice and supporting NHS organisations and their s in all aspects of Audit and Governance. A p p e n d i x B 1

17 Senior Karan Wheatcroft (CPFA) Operations Director Tel: Tahira Jabeen (CPFA) Senior Audit Manager Tel: Claude Chonzi (FCMA, MBA, MIIA) Audit Manager Tel: Karan has significant experience of managing the delivery and development of internal audit and assurance services. During her many years of experience of NHS Internal Audit she has built important relationships and systems knowledge across health care organisations, including primary and secondary care, former Strategic Health Authority and third sector providers. Tahira has significant experience of delivering Audit and Assurance Services across the public sector including the NHS. Tahira is a member of the Chartered Institute of Public Financial Accountants and has personally led on a number of specific Keogh Themed reviews at our FT clients. As the CCG s Internal Audit Manager, Tahira is a key contact for the audit contract. Claude has responsibility for the day to day management of your internal audit contract and manages the team responsible for delivery of the work. Claude has significant experience of internal audit and assurance across a range of NHS clients. His previous experience encompasses financial analysis, policy implementation reviews and operational audits whilst working for the civil service in Whitehall. He led the audits of a number of large executive agencies and Non Departmental Public Bodies within the Department of Trade and Industry (now Department of Business Innovation & Skills). Debbie Rimmer (BSc Hons/ MBA) Head of Healthcare Quality Debbie.rimmer@miaa.nhs.uk Debbie has significant experience of working within the NHS across both acute and primary care settings; working with clinical teams, individuals and functions. Debbie manages an experienced team to deliver support and assurance in respect of clinical quality/governance, patient experience, safety, effectiveness and clinical audit across the MIAA client portfolio. A p p e n d i x B 2

18 Dave Orme (CISA) Senior IM&T Manager Dave has significant cross sector experience, initially in mainframe operations, technical management and operational roles, and then within internal computer audit, providing technical support, consultancy, data analysis and technical auditing. Dave has strong knowledge of NHS Information systems, providing advice and guidance on security best practice and using this to develop risk based audit plans. A p p e n d i x B 3