Upload
ngoduong
View
218
Download
0
Embed Size (px)
Citation preview
Draft for Approval by Audit Committee
1
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16 and
Audit Strategy 2015/18
March 2015
NHS Wales Shared Services Partnership
Audit and Assurance Services
NHS Wales Audit & Assurance Services Page | 2
Contents
1 Introduction
2 Developing the audit strategy
3 Audit risk assessment
4 Planned audit coverage
5 Resource needs assessment
6 Action required
Appendix A – High Level Audit Universe – Grouped by Assurance Domains
Appendix B – Audit Risk Assessment Methodology
Appendix C – Strategic Audit Plan 2015/16 to 2017/18
Appendix D – Operational Audit Plan 2015/16
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 3
1. Introduction
The Accountable Officer is required to certify in the Annual Governance Statement that they have reviewed the effectiveness of the organisation’s
governance arrangements, including the internal control systems, and provide confirmation that these arrangements have been effective, with
any qualifications as necessary including required developments and improvement to address any issues identified.
The purpose of Internal Audit is to provide the Accountable Officer and the Board, through the Audit Committee, with an independent and objective
opinion on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control. The opinion should be used to inform the Annual Governance Statement.
Additionally, the findings and recommendations from internal audit reviews
may be used by Health Board management to improve risk management, control and governance within their operational areas.
The Public Sector Internal Audit Standards require the Head of Internal Audit to develop and maintain an internal audit strategy designed to meet
the main purpose of the internal audit activity. This strategy must advocate a systematic and prioritised review, outlining the resources required to meet the assurance needs of the Accountable Officer, Board and Audit
Committee.
Accordingly this report sets out the risk based audit strategy for the period April 2015 to March 2018 for Cardiff and Vale University Health Board. The strategy includes an operational audit plan for the year 2015/16 and an
indication of proposed coverage for the out-years 2016/17 and 2017/18. The internal audit activity will be provided by NHS Wales Audit & Assurance
Services a division of the NHS Wales Shared Services Partnership.
2. Developing the Audit Strategy
2.1 Link to Auditing Standards
The Audit Strategy for 2015/16 – 2017/18 has been developed in accordance with the Internal Audit Standard 2010 Planning to enable the
Head of Internal Audit to meet the following key audit planning objectives:
Provision to the Accountable Officer of an overall annual opinion on the organisation’s risk management, control and governance, which may in turn support the preparation of the Annual Governance Statement;
Audit of the organisation’s risk management, internal control and governance arrangements through periodic risk based plans which
afford suitable priority to the organisation’s objectives and risks;
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 4
Improvement of the organisation’s risk management, control and governance by providing line management with recommendations
arising from audit work; Quantification of the audit resources required to deliver the planned
audit strategy; Effective co-operation with external auditors and other review bodies
functioning in the organisation; and Provision of both assurance and advice by internal audit.
2.2 Risk based audit planning approach
The risk based planning approach recognises the need for prioritisation of audit cover to provide assurance on management of risk and the strategy
addresses these fundamental planning issues by considering the: organisations risk assessment and maturity;
coverage of the audit universe; coverage of through previous years activities; and
audit resources required to provide a balanced and comprehensive view.
The 3-year audit strategy is framed in the context of the NHS Wales Planning Framework and the developing integrated plan for the period 2015/16 to 2017/18. The strategy is also mindful of the significant national
changes that are taking place through the Together for Health and the ongoing work on the South Wales programme. In addition, the audit
strategy aims to reflect the significant local changes occurring within the organisation and NHS Wales, assurance needs and key concerns identified from our discussions with management and emerging risks.
The issue of the January 2014 report from the Commission on Public
Service Governance Delivery also signals probable changes, but at present these are at too early a stage to consider for this planning round. However, the Director of Audit & Assurance will monitor developments
during 2015/16 and ensure the forward audit strategy remains fit for purpose. Any necessary updates will be reported to the Audit Committee in
line with the Internal Audit Charter. Whilst some areas of risk control and governance require annual review,
the risk based planning approach recognises that it is not possible to audit every area of an organisation’s activities every year and therefore provides
a rational basis for the prioritised allocation of audit resources. A summary of our approach to developing the strategic audit plan is Figure 1 below.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 5
Figure 1 Audit planning flow diagram
stage1
•Understand corporate objectives risks and assurance needs •Obtain information and utilise sector knowledge to identify and understand the organisations
corporate objectives and strategic risks and assurance requirements
stage 2
•Define the audit universe •Identify the material auditable areas within the organisation and group into assurance
domains. Auditable areas can be functions, processes or locations. The audit universe is summarised in Appendix A.
stage 3
•Assess audit risk for frequency of coverage •Assess the audit risk in terms of impact and likelihood and mitigation in terms of adequacy and
effectiveness of internal control. The audit risk will drive the frequency of coverage in the strategic audit plan. The rationale used is set out at Appendix B.
Stage 4
•Outline scope and resource requirement •Determine the outline scope and associated audit resource required to review the design and
operation of controls in the selected audit area.
Stage 5
•Determine timing for strategic audit plan •Determine rotational coverage of audit universe based upon the frequency determined by
audit risk assessment, taking into account previous audit coverage and coordination with other review agencies including external audit. The proposed strategic audit plan is summarised in Appendix C
Stage 6
•Refine detail for operational plan •Expand and refine operational detail for annual audit plan including scheduling of
proposed audit programme. The proposed operational audit plan is detailed in Appendix D
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 6
2.3 Link to the system of assurance
The risk based planning approach integrates with the Health Board’s system of assurance, thus we have considered the following: A review of the Boards vision values and forward priorities as outlined
in the Annual Plan and 3 year Integrated Medium Term Plan; An assessment of the Health Board’s governance and assurance
arrangements and the contents of the Corporate Risk Assurance Framework;
Risks identified in papers to the Board and its Committees (in particular
the Audit Committee and Quality & Safety Committee); Key strategic risks identified within the corporate risk register and
assurance processes; Discussions with the Executive Directors regarding risks and assurance
needs in areas of corporate responsibility;
Cumulative internal audit knowledge of risk management, control and governance arrangements (including a consideration of past internal
audit opinions); New developments and service changes;
Legislative requirements to which the organisation is required to comply;
Other assurance processes including planned audit coverage of systems
and processes now provided through NHS Wales Shared Services Partnership (NWSSP);
Work undertaken by other review bodies including Wales Audit Office (WAO) and Health Inspection Wales (HIW); and
Coverage necessary to provide reasonable assurance to the
Accountable Officer in support of the Governance Statement.
An overview of the relationship between the organisational objectives key assurance domains and the internal audit plan is provided in the diagram in Figure 2. The mapping of the audit plan to the eight assurance domains is
designed to give balance to the overall annual audit opinion which supports the annual governance statement.
The identified auditable areas within these assurance domains are presented at a more granular level in Appendix A. The planned coverage
of these areas within the annual and strategic planning timeframe is explained within the following section.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 7
Figure 2 Internal audit assurance on key domains
• Our mission: CARING FOR PEOPLE / KEEPING PEOPLE WELL
• Our vision is: To creat a community where your healthy life chanec does not depend on who you are of where you live.
• Our strategy is: Achive integrated care based on "Home First", Avoiding Waste, Harm & Variaation, Empowering People and Delivering Outcomes that matter to them.
Organisation objectives
Corporate governance, risk and regulatory compliance
Strategic planning performance management and reporting
Financial governance and management
Clinical governance quality and safety
Information governance and security
Operational service and functional management
Workforce management
Capital and estates management
Annual Internal
Audit Opinion
Assurance Domain
Annual Governance Statement
Internal Audit Assurance
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 8
2.4 Audit planning meetings
In developing the plan, the Head of Internal Audit has met with a number of Executives to discuss current areas of risk and related assurance needs. Meetings have been held with the Director of Finance, Chief Operating
Officer and Board Secretary during the planning process.
The first draft of this plan was discussed with at a meeting of the Management Executive as to the risk areas where internal audit assurance was best targeted with further refinements made prior to recirculation
around the Executives for further comments.
3. Audit risk assessment The prioritisation of audit coverage across the audit universe is based on the organisations assessment of risk and assurance requirements as
defined in the board Corporate Risk Assurance Framework.
The maturity of these risk and assurance systems allows us to consider both inherent risk (impact and likelihood) and mitigation (adequacy and effectiveness of internal control). Our assessment also takes into account
corporate risk, materiality or significance, system complexity, previous audit findings, potential for fraud and sensitivity.
The relationship between audit risk and frequency of coverage is
documented at Appendix B.
4. Planned audit coverage
4.1 Strategic audit plan
The rotational coverage of the audit universe in Appendix A is based upon the frequency determined by audit risk assessment in Appendix B. The
sequencing in the strategic planning period also takes into account previous audit coverage and strategic coordination with other review agencies including Wales Audit Office and Health Inspectorate Wales.
The proposed strategic coverage for the period 2015/16 – 2017/18 has
been determined and is included in Appendix C. Where appropriate the strategic plan makes cross reference to key strategic
risks identified within the corporate risk register and related systems of assurance.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 9
Assurance on national transaction processing systems operated by NWSSP will be covered through the NWSSP audit plan and are cross referenced for
completeness. Similarly those aspects of the plan which relate to capital and estates assurance to be covered through our Specialist Services Unit
are also marked for reference.
Provision has also been made in the strategic plan for other essential audit work including audit planning, management, reporting and follow-up.
4.2 Operational audit plan
Within this overall prioritisation and proposed strategic coverage the
operational plan for the year ahead can be defined in more detail.
The Operational Audit Plan is set out in Appendix D and identifies the audit assignment, lead executive officer, outline scope, and proposed timing.
Where appropriate the operational plan makes cross reference to key strategic risks identified within the corporate risk register and related
systems of assurance together with the proposed audit response within the outline scope.
Required audit coverage in terms of capital audit and estates assurance will be delivered by our Specialist Services Unit within the NHS Wales Audit &
Assurance Services. Given the specialist nature of this work and the assurance link with the all-Wales capital programme we will need to refine with management the scope and coverage on specific schemes
The scope objectives and audit resource requirements and timing will be
refined in each area when developing the audit scope in discussion with the responsible executive director and operational management.
The scheduling takes account of the optimum timing for the performance of specific assignments in discussion with management and WAO
requirements.
The operational plan includes an indicative breakdown of the overall resource at assurance domain and audit assignment level although this is dependent on the detailed circumstances of each piece of work.
The Audit Committee will be kept appraised of performance in delivery of
the Operational Audit Plan, and any required changes, through routine progress reports to each Audit Committee meeting.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 10
4.3 Keeping the audit plan under review
Our risk assessment and audit plan is limited to matters emerging from the
planning processes indicated above. We will review and update the risk assessment and rolling strategic audit plan annually giving definition to the upcoming operational year and extending the strategic view outward.
Internal audit are committed to ensuring its service focuses on priority risk
areas business critical systems and the provision of assurance to management across the medium term and in the operational year ahead. Hence the plan will be kept under review and may be subject to change to
ensure it remains fit for purpose. In particular the plan will need to be periodically reviewed to ensure alignment with the developing systems of
assurance. Consistent with previous years and in accordance with best professional
practice an unallocated contingency provision has been retained in the plan to enable internal audit to respond to emergent risks and priorities
identified by the Executive Management Team and endorsed by the Audit Committee. Any change to the plan will be based upon consideration of risk and need and presented to the Audit Committee for approval.
Regular liaison with the Wales Audit Office as your External Auditor will
take place to coordinate planned coverage and ensure optimum benefit is derived from the total audit resource.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 11
5. Resource needs assessment The needs based strategic audit plan indicates an aggregate resource requirement of 1160 days to provide balanced assurance reports to the Chief Executive as Accountable Officer in accordance with the NHS Wales
Internal Audit Standards.
This assessment is based upon an estimate of the audit resource required
to review the design and operation of controls in review area for the
purpose of sizing the overall resource needs for the strategic audit plan.
Provision has also been made in the strategic plan and needs assessment
for other essential audit work including planning, management, reporting
and follow-up.
This total resource allocation covers the servicing of the local audit plan (1250 days) including the earmarked capital audit and estates assurance
coverage minus the contribution to the audit of national systems through the NWSSP plan (90 days).
The top-slice funding passed to NWSSP is sufficient to meet these audit
resource needs. The inclusive internal provision through NWSSP Audit & Assurance Services represents best value for NHS Wales in comparison with external commercial rates for the equivalent provision of these professional
services.
The Public Sector Internal Audit Standards enable internal audit to provide consulting and advisory services to management. A small provision is contained within the Health Board’s plan for general advisory and
contingency work.
The commissioning of these additional services over and above the general provision in the plan by the Health Board is discretionary and therefore not included in the baseline strategic audit plan. Accordingly any requirements
to service management consulting requests would be additional to the audit plan and will need to be negotiated separately.
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
and Audit Strategy 2015/18
HIA Report
NHS Wales Audit & Assurance Services Page | 12
6. Action required The Audit Committee is invited to consider the audit strategy and proposed
operational plan and:
Approve the operational audit plan for 2015/16
Endorse the strategic view for the period 2016/17 to 2017/18 Note the associated audit resource requirements
James Johns
Head of Internal Audit (Cardiff and Vale UHB) Audit & Assurance Services
NHS Wales Shared Services Partnership
Cardiff and Vale University Health Board
High Level Audit Universe – Grouped by Assurance Domains
Appendix A
NHS Wales Audit & Assurance Services Page | 13
•Corporate governance including governance & accountability module
•Risk management and assurance including annual governance statement
• Policies and procedures
•Corporate legislative requirements
•Health and safety management
•Doing well doing better - Standards for Healthcare services in Wales
Corporate governance, risk and regulatory compliance
• Strategic planning
• Stakeholder engagement and communications
•Healthcare commissioning and contract management
• Public health
• Performance management monitoring and reporting
• Partnership governance
•Business continuity planning
Strategic planning, performance management and reporting
• Financial planning and budgetary control
• Financial recovery and cost improvement plans
•HB managed financial systems
• SSP managed financial systems
• Primary care contractor payments
•Contracting and procurement
•Charitable Funds
Financial governance and management
•Annual Quality Statement
•Clinical governance, standards and clinical audit
•Medicines management
•Medical equipment and devices
• Infection control
•Complaints, claims and serious incidents
• Patient experience and outcomes
• Learning lessons from national reviews
•Clinical networks
Clinical governance quality and safety
• Information governance
•Medical records management including Caldicott guardian
•Data quality
• Information management and technology
• Information systems security
•Data protection
• Freedom of Information
Information governance and security
•Directorates departments and services
• Localities and community hospitals
• Primary care services
•Continuing healthcare
•Hosted organisations
Operational service and functional management
• Payroll / ESR/ recruitment
•Workforce planning
•Organisational development and training
• Staff performance management and appraisals
•Operational rostering, overtime and EWTD compliance
• Temporary staffing including agency bank and locum cover
•Management of sickness and absence
Workforce management
• Environmental sustainability management and reporting
•Management of capital projects
• Facilities and estates management
•Asset management plans
Capital and estates management
Cardiff and Vale University Health Board
Audit Risk Assessment Methodology
Appendix B
NHS Wales Audit & Assurance Services Page | 14
The prioritisation of each area is based on our assessment of audit risk in terms
of inherent risk (consequence and likelihood) and mitigation (adequacy and
effectiveness of internal control). Our assessment takes into account corporate
risk, materiality or significance, system complexity, previous audit findings,
potential for fraud and sensitivity.
The desired frequency of rotational coverage is determined using the NHS
standard 5x5 risk assessment matrix; however audit judgement will be applied
in determining the proposed coverage in the strategic plan:
Lik
elih
oo
d o
f in
heren
t ris
k
Rare
(1)
U
nlikely
(2)
Possib
le (
3)
Pro
bable
(4)
Alm
ost
cert
ain
(5)
5 Every three
to five years
10 Every two
to four years
15
Every year or two
20
Every year or two
25
Every year or two
4 Rarely
unless mandated
8 Every
three to five years
12 Every two
to four years
16
Every year or two
20
Every year or two
3
Rarely
unless mandated
6
Every
three to five years
9
Every two
to four years
12
Every two
to four years
15
Every year or two
2
Rarely unless
mandated
4
Rarely unless
mandated
6
Every three to
five years
8
Every three to
five years
10
Every two to four
years
1
Rarely unless
mandated
2
Rarely unless
mandated
3
Rarely unless
mandated
4
Rarely unless
mandated
5
Every three to
five years
Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)
Consequence of inherent risk
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 15
Planned output Mandated Audit Area
Corp Risk Register
NWSSP Plan
Prior Year Audit
[RAYG]
Audit Risk Rating [RAYG]
2015/16 2016/17 2017/18
Corporate governance, risk and
regulatory compliance
Governance & Accountability module N/A
Annual Governance Statement N/A
HIA Annual Report and Opinion N/A
Risk, Governance & Assurance N/A
Board Committee Assurance
Review of Standards for Healthcare
Services
Policies and procedures N/A
Fraud, theft & corruption N/A
Standards of Conduct ( DoI and G&H)
Corporate legislative compliance
(rotational coverage)
Health & Safety management
Welsh Risk Pool – Claims
Management Standard
Strategic planning performance
management and reporting
Strategic / Operational planning
Stakeholder engagement/
communication
Performance management/ reporting
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 16
Planned output Mandated
Audit Area
Corp Risk
Register
NWSSP
Plan
Prior Year
Audit [RAYG]
Audit Risk
Rating [RAYG]
2015/16 2016/17 2017/18
Commissioning
Management of SLAs
Continuing Healthcare
Funded Nursing Care
Non NHS Placements
Partnership governance
Third Sector
Business continuity planning
Research and Development
Emergency / major incident Planning
Discharges
Delayed Transfers of Care
Patient Access (Waiting List Mgt)
Financial governance and
management
Financial Improvements plans/
Financial budgetary management
Income / Cash Debtors
General Ledger Management
Capital Asset Management
NWSSP managed financial
systems – Accounts Payable /
P2P
CAATS – AP/P2P
NWSSP managed primary care
contractor payments:
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 17
Planned output Mandated
Audit Area
Corp Risk
Register
NWSSP
Plan
Prior Year
Audit [RAYG]
Audit Risk
Rating [RAYG]
2015/16 2016/17 2017/18
General Medical Services
General Dental Services
General Ophthalmic Services
General Pharmaceutical
Services
Prescribing
E-expenses
Procurement (Health Board)
Private Patients
Charitable Funds
Losses and compensation
Petty Cash / Cash
Patients Monies and Property
Clinical governance quality &
safety
Annual Quality Statement N/A
Clinical Governance
Clinical Audit
Infection control
Clinical Storage
Medical equipment & devices
Medicines management (inc. waste)
Safeguarding ( inc POVA, POCA etc)
Patient Experience
Patient Outcomes
Mortality / RAMI
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 18
Planned output Mandated
Audit Area
Corp Risk
Register
NWSSP
Plan
Prior Year
Audit [RAYG]
Audit Risk
Rating [RAYG]
2015/16 2016/17 2017/18
Putting things right: complaints,
incidents & redress
Clinical Networks
Learning from National Reviews /
Alerts
Catering and food hygiene
Information governance &
security
Information management and
governance ( inc. Calidcott, DPA, FOI)
Medical records management
Information management and
technology – network / servers
Telecoms/ Telephony
Information systems security
IT Systems
Operational service and functional
management
Risk management (inc. risk
assessment and registers)
Clinical Service Boards: Performance
Management, Governance and
Control Arrangements
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 19
Planned output Mandated
Audit Area
Corp Risk
Register
NWSSP
Plan
Prior Year
Audit [RAYG]
Audit Risk
Rating [RAYG]
2015/16 2016/17 2017/18
Stocks and Stores
Operational Services
Public Health
Localities
Home Oxygen Services
UHB Primary Care Services
Out of Hours Services
Community Resource Teams
Workforce management
NWSSP systems – Payroll/ ESR
Payroll CAATS
Staff PADRs
ESR (MSS)
Recruitment –
Staff Rostering
Medical Staffing ( inc. Job planning)
Management of temporary staffing
(Bank, Agency and Locum staff).
Management of sickness and absence
Occupational Health Services
UHB Values
Cardiff and Vale University Health Board
Strategic Audit Plan 2015/16 to 2017/18
Appendix C
NHS Wales Audit & Assurance Services Page | 20
Planned output Mandated
Audit Area
Corp Risk
Register
NWSSP
Plan
Prior Year
Audit [RAYG]
Audit Risk
Rating [RAYG]
2015/16 2016/17 2017/18
Equality Impact Assessments
Capital and Estates Management
Environmental sustainability reporting N/A
Carbon reduction Commitment
Capital Projects
Capital Systems
Primary Care Estate
Final Accounts
Estates Assurance
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 21
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Corporate governance, risk and
regulatory compliance (110)
Annual Governance Statement
---
To provide an opinion and undertake specific
areas of review to underpin the completion of
the Statement.
Board
Secretary
Q4
Governance & Accountability module
--
To provide an opinion on the process that has
been adopted and the evidence recorded
supports the self-assessment.
Board
Secretary
Q4
Annual HoIA Report --- Mandatory requirement to comply with the
Public Sector Internal Audit Standards and
Annual Governance Statement.
Board
Secretary
Q4
Risk Management & Assurance 8.2 Ongoing overview of general governance and
risk management arrangements. Undertake
specific areas of review to support annual
opinion.
Board
Secretary
Q1-4
Assurance to committee against key risks 8.2 To review the assurances against key risks
received by the Board and committees.
Board
Secretary
Q3
Standards for Healthcare Services 5.1.6 To provide an opinion on the process that has
been adopted for the Standards as approved by
the Quality and Safety Committee.
Director
Nursing
Q4
Claims Reimbursement
---
Review compliance with Welsh Risk Pool
Standard requirements for claims
reimbursement.
Director
Nursing
Q3/4
Legislative Compliance:
MHRA
8.1.8 Review UHB arrangements and compliance with
regulations.
Medical
Director
Q1/2
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 22
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Strategic planning performance
management and reporting (120)
IMTP
5.4 Review development and/delivery of the plans. Director of
Planning
Q2/3
Patient Access 5.3 Compliance with specific aspects of the Patient
Access policy.
COO Q3/4
Commissioning 2.1 Ensure that an overarching commissioning
system is in place to secure population based
outcomes
Director of
Public
Health
Q1/2
Business continuity follow up 6.4.1 To establish progress made by management in
the implementation of action agreed to address
key issues identified during the original review
of this area.
Director of
Planning
Q1/2
Delayed Transfers of Care
Review revised arranged for managing DTOCs COO Q3
Financial Governance and
management(60)
UHB Core Financial Systems 6.7 Review controls in place to mange key risk
areas within the main financial systems
Director of
Finance
Q3
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 23
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Charitable Funds
---- Review governance arrangements, including the
management of expenditure and donations.
Director of
Finance
Q4
Clinical governance quality and safety
(140)
Annual Quality Statement 5.1 To provide an opinion on the process that has
been adopted and the evidence recorded
supports the self-assessment.
Director
Nursing
Q1/2
Safeguarding - POVA 5.5 Review adequacy of arrangements in place and
compliance.
Director
Nursing Q1/2
Blood Management Review controls in place to mange key risk
areas within the system.
Medical
director Q1/2
Mental Capacity Act / DOLS 8.1.3 Review adequacy of arrangements in place and
compliance.
Medical
director Q1/2
Medicines Wastage 5.1.7 Review arrangements for minimising medicines
waste.
Medical
Director Q2/3
Concerns/complaints / E Datix 5.6 Review adequacy of arrangements in place,
compliance and system roll out.
Director of
Nursing Q2/3
Follow up meds mgt / clinical audit 5.1.7 Follow Up dependant on outcome of current
14/15 audits
Medical
Director
Q2/3
Information Governance and Security
(90)
Information Governance 8.1.5 Review arrangement for Information
Governance.
Medical
Director Q2
Telecoms follow up 6.8 Follow up Director of Q2
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 24
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Planning
Follow up records management 6.8 Follow up Medical
Director
Q3
Individual IT Systems -
2x TBA
6.8 Review controls in place to manage the system,
including security, data, contingency planning
and operations.
Director of
Therapies
Records Digitalisation 6.8 COO Q2
Operational service and functional
management (170)
Risk Management Arrangements 8.2 Review the process in place for the management of risk including compliance
with risk management and assessment procedure.
COO Q1/2
Outpatients Review the arrangements for booking and
level of Follow up outpatient appointments
COO Q2/3
Primary Care - GMS Contract Management 3.1.2 Review arrangements for management of
GMS contract
COO Q3/4
Provision of Out of Hours Services 5.3.2 Review the arrangements for the
management and monitoring the out of hours service.
COO
Q2/3
Community Resource Teams COO Q2/3
Stores / stock Review one of the UHB’s systems and
process for stock and stores management.
Director of
Finance
Q1-4
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 25
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Operational Services Review of key risk areas tba. Director Planning
Q2/3
Workforce management (130)
Absence management 6.2.1 Review staff management processes for the
management of absence across the UHB COO/HR Q1/2
Statutory & mandatory training. PADRS 6.2 To review arrangements in place that ensure
all staff have PADR and have been through
statutory & mandatory training.
COO/HR Q2/3
Rotas / Rostering 6.7 Review process for the development of rotas,
skill mix, gaps in hours planned breaks.
COO/HR Q2
Recruitment – filling vacancies 6.7 vacancy review and authorisation
Cost of holding vacancies to cost of temp staff
COO/HR Q2
Staff Flow / Medacs ( Medical locums) 6.7 Examination of controls in place for management of risks associated with locums and payments
Medical
Director
Q3/4
Capital and Estates (130)
Sustainability Reporting
6..4 To provide an opinion that the Health Board has
robust systems in place to record and report
minimum sustainability requirements as
required by the Welsh Government.
Director of
Planning
Q2
Carbon Reduction Commitment 6.4 To ensure the Health Board complies with the
requirements of the Order and that the
information held is accurate, complete and the
purchase of the credits is based upon actual
usage or informed estimates.
Director
Planning
Q2
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 26
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Capital Scheme - Neo Natal 6.4 Review scheme in an proving advisory support
and assurance work. Director
Planning
Q3
Capital systems - compliance with new
capital manual for discretionary and major
capital
6.4 Review scheme/ against requirements of new
manual Director
Planning
Q3
Backlog Maintenance Follow up 6.4 Follow up of previous report recommendations. Director
Planning
Q3
Primary Care Estate 6.4 Review of how the UHB is planning to manage
resource implications of the primary care
estate.
Director of
Planning
Q2/2
Capital / Estates Assurance
Equipment or energy management TBA
6.4 Director
Planning
Q4
Audit Management and Reporting 210
Contingency & Assurance and Advisory
(75)
This element of the plan allows the flexibility to
respond to management requests in order to
meet specific Health Board needs throughout
the course of the financial year.
Director of
Finance
Follow-up (45) We will conduct follow-up reviews throughout
the year to provide the Audit Committee with
assurance regarding management’s
implementation of agreed actions.
Director of
Finance
Cardiff and Vale University Health Board
Internal Audit Operational Plan 2015/16
Appendix D
NHS Wales Audit & Assurance Services Page | 27
Planned output CRAF Outline Scope Executive
Lead
Outline
timing
Planning, Management and Audit
Committee (90)
An allocation of time is required for the
management of the service to the Health
Board:-
Planning liaison and management –
Incorporating preparation and attendance at
Audit Committee; completion of risk
assessment and planning; liaison with key
contacts and organisation of the audit
reviews; and
Reporting and meetings – Key reports will
be provided to support this, including
preparation of the annual plan and progress
reports to the Audit Committee.
Director of
Finance