Internal Audit Operational Plan 2015/16 and Audit … · of our approach to developing the strategic audit plan is Figure 1 below. Cardiff and Vale University Health Board ... Internal

Draft for Approval by Audit Committee

1

Cardiff and Vale University Health Board

Internal Audit Operational Plan 2015/16 and

Audit Strategy 2015/18

March 2015

NHS Wales Shared Services Partnership

Audit and Assurance Services

NHS Wales Audit & Assurance Services Page | 2

Contents

1 Introduction

2 Developing the audit strategy

3 Audit risk assessment

4 Planned audit coverage

5 Resource needs assessment

6 Action required

Appendix A – High Level Audit Universe – Grouped by Assurance Domains

Appendix B – Audit Risk Assessment Methodology

Appendix C – Strategic Audit Plan 2015/16 to 2017/18

Appendix D – Operational Audit Plan 2015/16


Internal Audit Operational Plan 2015/16

and Audit Strategy 2015/18

HIA Report


1. Introduction

The Accountable Officer is required to certify in the Annual Governance Statement that they have reviewed the effectiveness of the organisation’s

governance arrangements, including the internal control systems, and provide confirmation that these arrangements have been effective, with

any qualifications as necessary including required developments and improvement to address any issues identified.

The purpose of Internal Audit is to provide the Accountable Officer and the Board, through the Audit Committee, with an independent and objective

opinion on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control. The opinion should be used to inform the Annual Governance Statement.

Additionally, the findings and recommendations from internal audit reviews

may be used by Health Board management to improve risk management, control and governance within their operational areas.

The Public Sector Internal Audit Standards require the Head of Internal Audit to develop and maintain an internal audit strategy designed to meet

the main purpose of the internal audit activity. This strategy must advocate a systematic and prioritised review, outlining the resources required to meet the assurance needs of the Accountable Officer, Board and Audit

Committee.

Accordingly this report sets out the risk based audit strategy for the period April 2015 to March 2018 for Cardiff and Vale University Health Board. The strategy includes an operational audit plan for the year 2015/16 and an

indication of proposed coverage for the out-years 2016/17 and 2017/18. The internal audit activity will be provided by NHS Wales Audit & Assurance

Services a division of the NHS Wales Shared Services Partnership.

2. Developing the Audit Strategy

2.1 Link to Auditing Standards

The Audit Strategy for 2015/16 – 2017/18 has been developed in accordance with the Internal Audit Standard 2010 Planning to enable the

Head of Internal Audit to meet the following key audit planning objectives:

Provision to the Accountable Officer of an overall annual opinion on the organisation’s risk management, control and governance, which may in turn support the preparation of the Annual Governance Statement;

Audit of the organisation’s risk management, internal control and governance arrangements through periodic risk based plans which

afford suitable priority to the organisation’s objectives and risks;




HIA Report


Improvement of the organisation’s risk management, control and governance by providing line management with recommendations

arising from audit work; Quantification of the audit resources required to deliver the planned

audit strategy; Effective co-operation with external auditors and other review bodies

functioning in the organisation; and Provision of both assurance and advice by internal audit.

2.2 Risk based audit planning approach

The risk based planning approach recognises the need for prioritisation of audit cover to provide assurance on management of risk and the strategy

addresses these fundamental planning issues by considering the: organisations risk assessment and maturity;

coverage of the audit universe; coverage of through previous years activities; and

audit resources required to provide a balanced and comprehensive view.

The 3-year audit strategy is framed in the context of the NHS Wales Planning Framework and the developing integrated plan for the period 2015/16 to 2017/18. The strategy is also mindful of the significant national

changes that are taking place through the Together for Health and the ongoing work on the South Wales programme. In addition, the audit

strategy aims to reflect the significant local changes occurring within the organisation and NHS Wales, assurance needs and key concerns identified from our discussions with management and emerging risks.

The issue of the January 2014 report from the Commission on Public

Service Governance Delivery also signals probable changes, but at present these are at too early a stage to consider for this planning round. However, the Director of Audit & Assurance will monitor developments

during 2015/16 and ensure the forward audit strategy remains fit for purpose. Any necessary updates will be reported to the Audit Committee in

line with the Internal Audit Charter. Whilst some areas of risk control and governance require annual review,

the risk based planning approach recognises that it is not possible to audit every area of an organisation’s activities every year and therefore provides

a rational basis for the prioritised allocation of audit resources. A summary of our approach to developing the strategic audit plan is Figure 1 below.




HIA Report


Figure 1 Audit planning flow diagram

stage1

•Understand corporate objectives risks and assurance needs •Obtain information and utilise sector knowledge to identify and understand the organisations

corporate objectives and strategic risks and assurance requirements

stage 2

•Define the audit universe •Identify the material auditable areas within the organisation and group into assurance

domains. Auditable areas can be functions, processes or locations. The audit universe is summarised in Appendix A.

stage 3

•Assess audit risk for frequency of coverage •Assess the audit risk in terms of impact and likelihood and mitigation in terms of adequacy and

effectiveness of internal control. The audit risk will drive the frequency of coverage in the strategic audit plan. The rationale used is set out at Appendix B.

Stage 4

•Outline scope and resource requirement •Determine the outline scope and associated audit resource required to review the design and

operation of controls in the selected audit area.

Stage 5

•Determine timing for strategic audit plan •Determine rotational coverage of audit universe based upon the frequency determined by

audit risk assessment, taking into account previous audit coverage and coordination with other review agencies including external audit. The proposed strategic audit plan is summarised in Appendix C

Stage 6

•Refine detail for operational plan •Expand and refine operational detail for annual audit plan including scheduling of

proposed audit programme. The proposed operational audit plan is detailed in Appendix D




HIA Report


2.3 Link to the system of assurance

The risk based planning approach integrates with the Health Board’s system of assurance, thus we have considered the following: A review of the Boards vision values and forward priorities as outlined

in the Annual Plan and 3 year Integrated Medium Term Plan; An assessment of the Health Board’s governance and assurance

arrangements and the contents of the Corporate Risk Assurance Framework;

Risks identified in papers to the Board and its Committees (in particular

the Audit Committee and Quality & Safety Committee); Key strategic risks identified within the corporate risk register and

assurance processes; Discussions with the Executive Directors regarding risks and assurance

needs in areas of corporate responsibility;

Cumulative internal audit knowledge of risk management, control and governance arrangements (including a consideration of past internal

audit opinions); New developments and service changes;

Legislative requirements to which the organisation is required to comply;

Other assurance processes including planned audit coverage of systems

and processes now provided through NHS Wales Shared Services Partnership (NWSSP);

Work undertaken by other review bodies including Wales Audit Office (WAO) and Health Inspection Wales (HIW); and

Coverage necessary to provide reasonable assurance to the

Accountable Officer in support of the Governance Statement.

An overview of the relationship between the organisational objectives key assurance domains and the internal audit plan is provided in the diagram in Figure 2. The mapping of the audit plan to the eight assurance domains is

designed to give balance to the overall annual audit opinion which supports the annual governance statement.

The identified auditable areas within these assurance domains are presented at a more granular level in Appendix A. The planned coverage

of these areas within the annual and strategic planning timeframe is explained within the following section.




HIA Report


Figure 2 Internal audit assurance on key domains

• Our mission: CARING FOR PEOPLE / KEEPING PEOPLE WELL

• Our vision is: To creat a community where your healthy life chanec does not depend on who you are of where you live.

• Our strategy is: Achive integrated care based on "Home First", Avoiding Waste, Harm & Variaation, Empowering People and Delivering Outcomes that matter to them.

Organisation objectives

Corporate governance, risk and regulatory compliance

Strategic planning performance management and reporting

Financial governance and management

Clinical governance quality and safety

Information governance and security

Operational service and functional management

Workforce management

Capital and estates management

Annual Internal

Audit Opinion

Assurance Domain

Annual Governance Statement

Internal Audit Assurance




HIA Report


2.4 Audit planning meetings

In developing the plan, the Head of Internal Audit has met with a number of Executives to discuss current areas of risk and related assurance needs. Meetings have been held with the Director of Finance, Chief Operating

Officer and Board Secretary during the planning process.

The first draft of this plan was discussed with at a meeting of the Management Executive as to the risk areas where internal audit assurance was best targeted with further refinements made prior to recirculation

around the Executives for further comments.

3. Audit risk assessment The prioritisation of audit coverage across the audit universe is based on the organisations assessment of risk and assurance requirements as

defined in the board Corporate Risk Assurance Framework.

The maturity of these risk and assurance systems allows us to consider both inherent risk (impact and likelihood) and mitigation (adequacy and effectiveness of internal control). Our assessment also takes into account

corporate risk, materiality or significance, system complexity, previous audit findings, potential for fraud and sensitivity.

The relationship between audit risk and frequency of coverage is

documented at Appendix B.

4. Planned audit coverage

4.1 Strategic audit plan

The rotational coverage of the audit universe in Appendix A is based upon the frequency determined by audit risk assessment in Appendix B. The

sequencing in the strategic planning period also takes into account previous audit coverage and strategic coordination with other review agencies including Wales Audit Office and Health Inspectorate Wales.

The proposed strategic coverage for the period 2015/16 – 2017/18 has

been determined and is included in Appendix C. Where appropriate the strategic plan makes cross reference to key strategic

risks identified within the corporate risk register and related systems of assurance.




HIA Report


Assurance on national transaction processing systems operated by NWSSP will be covered through the NWSSP audit plan and are cross referenced for

completeness. Similarly those aspects of the plan which relate to capital and estates assurance to be covered through our Specialist Services Unit

are also marked for reference.

Provision has also been made in the strategic plan for other essential audit work including audit planning, management, reporting and follow-up.

4.2 Operational audit plan

Within this overall prioritisation and proposed strategic coverage the

operational plan for the year ahead can be defined in more detail.

The Operational Audit Plan is set out in Appendix D and identifies the audit assignment, lead executive officer, outline scope, and proposed timing.

Where appropriate the operational plan makes cross reference to key strategic risks identified within the corporate risk register and related

systems of assurance together with the proposed audit response within the outline scope.

Required audit coverage in terms of capital audit and estates assurance will be delivered by our Specialist Services Unit within the NHS Wales Audit &

Assurance Services. Given the specialist nature of this work and the assurance link with the all-Wales capital programme we will need to refine with management the scope and coverage on specific schemes

The scope objectives and audit resource requirements and timing will be

refined in each area when developing the audit scope in discussion with the responsible executive director and operational management.

The scheduling takes account of the optimum timing for the performance of specific assignments in discussion with management and WAO

requirements.

The operational plan includes an indicative breakdown of the overall resource at assurance domain and audit assignment level although this is dependent on the detailed circumstances of each piece of work.

The Audit Committee will be kept appraised of performance in delivery of

the Operational Audit Plan, and any required changes, through routine progress reports to each Audit Committee meeting.




HIA Report


4.3 Keeping the audit plan under review

Our risk assessment and audit plan is limited to matters emerging from the

planning processes indicated above. We will review and update the risk assessment and rolling strategic audit plan annually giving definition to the upcoming operational year and extending the strategic view outward.

Internal audit are committed to ensuring its service focuses on priority risk

areas business critical systems and the provision of assurance to management across the medium term and in the operational year ahead. Hence the plan will be kept under review and may be subject to change to

ensure it remains fit for purpose. In particular the plan will need to be periodically reviewed to ensure alignment with the developing systems of

assurance. Consistent with previous years and in accordance with best professional

practice an unallocated contingency provision has been retained in the plan to enable internal audit to respond to emergent risks and priorities

identified by the Executive Management Team and endorsed by the Audit Committee. Any change to the plan will be based upon consideration of risk and need and presented to the Audit Committee for approval.

Regular liaison with the Wales Audit Office as your External Auditor will

take place to coordinate planned coverage and ensure optimum benefit is derived from the total audit resource.




HIA Report


5. Resource needs assessment The needs based strategic audit plan indicates an aggregate resource requirement of 1160 days to provide balanced assurance reports to the Chief Executive as Accountable Officer in accordance with the NHS Wales

Internal Audit Standards.

This assessment is based upon an estimate of the audit resource required

to review the design and operation of controls in review area for the

purpose of sizing the overall resource needs for the strategic audit plan.

Provision has also been made in the strategic plan and needs assessment

for other essential audit work including planning, management, reporting

and follow-up.

This total resource allocation covers the servicing of the local audit plan (1250 days) including the earmarked capital audit and estates assurance

coverage minus the contribution to the audit of national systems through the NWSSP plan (90 days).

The top-slice funding passed to NWSSP is sufficient to meet these audit

resource needs. The inclusive internal provision through NWSSP Audit & Assurance Services represents best value for NHS Wales in comparison with external commercial rates for the equivalent provision of these professional

services.

The Public Sector Internal Audit Standards enable internal audit to provide consulting and advisory services to management. A small provision is contained within the Health Board’s plan for general advisory and

contingency work.

The commissioning of these additional services over and above the general provision in the plan by the Health Board is discretionary and therefore not included in the baseline strategic audit plan. Accordingly any requirements

to service management consulting requests would be additional to the audit plan and will need to be negotiated separately.




HIA Report


6. Action required The Audit Committee is invited to consider the audit strategy and proposed

operational plan and:

Approve the operational audit plan for 2015/16

Endorse the strategic view for the period 2016/17 to 2017/18 Note the associated audit resource requirements

James Johns

Head of Internal Audit (Cardiff and Vale UHB) Audit & Assurance Services

NHS Wales Shared Services Partnership


High Level Audit Universe – Grouped by Assurance Domains

Appendix A


•Corporate governance including governance & accountability module

•Risk management and assurance including annual governance statement

• Policies and procedures

•Corporate legislative requirements

•Health and safety management

•Doing well doing better - Standards for Healthcare services in Wales

Corporate governance, risk and regulatory compliance

• Strategic planning

• Stakeholder engagement and communications

•Healthcare commissioning and contract management

• Public health

• Performance management monitoring and reporting

• Partnership governance

•Business continuity planning

Strategic planning, performance management and reporting

• Financial planning and budgetary control

• Financial recovery and cost improvement plans

•HB managed financial systems

• SSP managed financial systems

• Primary care contractor payments

•Contracting and procurement

•Charitable Funds

Financial governance and management

•Annual Quality Statement

•Clinical governance, standards and clinical audit

•Medicines management

•Medical equipment and devices

• Infection control

•Complaints, claims and serious incidents

• Patient experience and outcomes

• Learning lessons from national reviews

•Clinical networks


• Information governance

•Medical records management including Caldicott guardian

•Data quality

• Information management and technology

• Information systems security

•Data protection

• Freedom of Information

Information governance and security

•Directorates departments and services

• Localities and community hospitals

• Primary care services

•Continuing healthcare

•Hosted organisations

Operational service and functional management

• Payroll / ESR/ recruitment

•Workforce planning

•Organisational development and training

• Staff performance management and appraisals

•Operational rostering, overtime and EWTD compliance

• Temporary staffing including agency bank and locum cover

•Management of sickness and absence


• Environmental sustainability management and reporting

•Management of capital projects

• Facilities and estates management

•Asset management plans

Capital and estates management


Audit Risk Assessment Methodology

Appendix B


The prioritisation of each area is based on our assessment of audit risk in terms

of inherent risk (consequence and likelihood) and mitigation (adequacy and

effectiveness of internal control). Our assessment takes into account corporate

risk, materiality or significance, system complexity, previous audit findings,

potential for fraud and sensitivity.

The desired frequency of rotational coverage is determined using the NHS

standard 5x5 risk assessment matrix; however audit judgement will be applied

in determining the proposed coverage in the strategic plan:

Lik

elih

oo

d o

f in

heren

t ris

k

Rare

(1)

U

nlikely

(2)

Possib

le (

3)

Pro

bable

(4)

Alm

ost

cert

ain

(5)

5 Every three

to five years

10 Every two

to four years

15

Every year or two

20

Every year or two

25

Every year or two

4 Rarely

unless mandated

8 Every

three to five years

12 Every two

to four years

16

Every year or two

20

Every year or two

3

Rarely

unless mandated

6

Every

three to five years

9

Every two

to four years

12

Every two

to four years

15

Every year or two

2

Rarely unless

mandated

4

Rarely unless

mandated

6

Every three to

five years

8

Every three to

five years

10

Every two to four

years

1

Rarely unless

mandated

2

Rarely unless

mandated

3

Rarely unless

mandated

4

Rarely unless

mandated

5

Every three to

five years

Insignificant (1) Minor (2) Moderate (3) Major (4) Catastrophic (5)

Consequence of inherent risk


Strategic Audit Plan 2015/16 to 2017/18

Appendix C


Planned output Mandated Audit Area

Corp Risk Register

NWSSP Plan

Prior Year Audit

[RAYG]

Audit Risk Rating [RAYG]

2015/16 2016/17 2017/18

Corporate governance, risk and

regulatory compliance

Governance & Accountability module N/A

Annual Governance Statement N/A

HIA Annual Report and Opinion N/A

Risk, Governance & Assurance N/A

Board Committee Assurance

Review of Standards for Healthcare

Services

Policies and procedures N/A

Fraud, theft & corruption N/A

Standards of Conduct ( DoI and G&H)

Corporate legislative compliance

(rotational coverage)

Health & Safety management

Welsh Risk Pool – Claims

Management Standard

Strategic planning performance

management and reporting

Strategic / Operational planning

Stakeholder engagement/

communication

Performance management/ reporting



Appendix C


Planned output Mandated

Audit Area

Corp Risk

Register

NWSSP

Plan

Prior Year

Audit [RAYG]

Audit Risk

Rating [RAYG]

2015/16 2016/17 2017/18

Commissioning

Management of SLAs

Continuing Healthcare

Funded Nursing Care

Non NHS Placements

Partnership governance

Third Sector

Business continuity planning

Research and Development

Emergency / major incident Planning

Discharges

Delayed Transfers of Care

Patient Access (Waiting List Mgt)

Financial governance and

management

Financial Improvements plans/

Financial budgetary management

Income / Cash Debtors

General Ledger Management

Capital Asset Management

NWSSP managed financial

systems – Accounts Payable /

P2P

CAATS – AP/P2P

NWSSP managed primary care

contractor payments:



Appendix C



Audit Area

Corp Risk

Register

NWSSP

Plan

Prior Year

Audit [RAYG]

Audit Risk

Rating [RAYG]

2015/16 2016/17 2017/18

General Medical Services

General Dental Services

General Ophthalmic Services

General Pharmaceutical

Services

Prescribing

E-expenses

Procurement (Health Board)

Private Patients

Charitable Funds

Losses and compensation

Petty Cash / Cash

Patients Monies and Property

Clinical governance quality &

safety

Annual Quality Statement N/A

Clinical Governance

Clinical Audit

Infection control

Clinical Storage

Medical equipment & devices

Medicines management (inc. waste)

Safeguarding ( inc POVA, POCA etc)

Patient Experience

Patient Outcomes

Mortality / RAMI



Appendix C



Audit Area

Corp Risk

Register

NWSSP

Plan

Prior Year

Audit [RAYG]

Audit Risk

Rating [RAYG]

2015/16 2016/17 2017/18

Putting things right: complaints,

incidents & redress

Clinical Networks

Learning from National Reviews /

Alerts

Catering and food hygiene

Information governance &

security

Information management and

governance ( inc. Calidcott, DPA, FOI)

Medical records management

Information management and

technology – network / servers

Telecoms/ Telephony

Information systems security

IT Systems

Operational service and functional

management

Risk management (inc. risk

assessment and registers)

Clinical Service Boards: Performance

Management, Governance and

Control Arrangements



Appendix C



Audit Area

Corp Risk

Register

NWSSP

Plan

Prior Year

Audit [RAYG]

Audit Risk

Rating [RAYG]

2015/16 2016/17 2017/18

Stocks and Stores

Operational Services

Public Health

Localities

Home Oxygen Services

UHB Primary Care Services

Out of Hours Services

Community Resource Teams


NWSSP systems – Payroll/ ESR

Payroll CAATS

Staff PADRs

ESR (MSS)

Recruitment –

Staff Rostering

Medical Staffing ( inc. Job planning)

Management of temporary staffing

(Bank, Agency and Locum staff).

Management of sickness and absence

Occupational Health Services

UHB Values



Appendix C



Audit Area

Corp Risk

Register

NWSSP

Plan

Prior Year

Audit [RAYG]

Audit Risk

Rating [RAYG]

2015/16 2016/17 2017/18

Equality Impact Assessments

Capital and Estates Management

Environmental sustainability reporting N/A

Carbon reduction Commitment

Capital Projects

Capital Systems

Primary Care Estate

Final Accounts

Estates Assurance



Appendix D


Planned output CRAF Outline Scope Executive

Lead

Outline

timing

Corporate governance, risk and

regulatory compliance (110)

Annual Governance Statement

---

To provide an opinion and undertake specific

areas of review to underpin the completion of

the Statement.

Board

Secretary

Q4

Governance & Accountability module

--

To provide an opinion on the process that has

been adopted and the evidence recorded

supports the self-assessment.

Board

Secretary

Q4

Annual HoIA Report --- Mandatory requirement to comply with the

Public Sector Internal Audit Standards and

Annual Governance Statement.

Board

Secretary

Q4

Risk Management & Assurance 8.2 Ongoing overview of general governance and

risk management arrangements. Undertake

specific areas of review to support annual

opinion.

Board

Secretary

Q1-4

Assurance to committee against key risks 8.2 To review the assurances against key risks

received by the Board and committees.

Board

Secretary

Q3

Standards for Healthcare Services 5.1.6 To provide an opinion on the process that has

been adopted for the Standards as approved by

the Quality and Safety Committee.

Director

Nursing

Q4

Claims Reimbursement

---

Review compliance with Welsh Risk Pool

Standard requirements for claims

reimbursement.

Director

Nursing

Q3/4

Legislative Compliance:

MHRA

8.1.8 Review UHB arrangements and compliance with

regulations.

Medical

Director

Q1/2



Appendix D



Lead

Outline

timing

Strategic planning performance

management and reporting (120)

IMTP

5.4 Review development and/delivery of the plans. Director of

Planning

Q2/3

Patient Access 5.3 Compliance with specific aspects of the Patient

Access policy.

COO Q3/4

Commissioning 2.1 Ensure that an overarching commissioning

system is in place to secure population based

outcomes

Director of

Public

Health

Q1/2

Business continuity follow up 6.4.1 To establish progress made by management in

the implementation of action agreed to address

key issues identified during the original review

of this area.

Director of

Planning

Q1/2

Delayed Transfers of Care

Review revised arranged for managing DTOCs COO Q3

Financial Governance and

management(60)

UHB Core Financial Systems 6.7 Review controls in place to mange key risk

areas within the main financial systems

Director of

Finance

Q3



Appendix D



Lead

Outline

timing

Charitable Funds

---- Review governance arrangements, including the

management of expenditure and donations.

Director of

Finance

Q4


(140)

Annual Quality Statement 5.1 To provide an opinion on the process that has

been adopted and the evidence recorded

supports the self-assessment.

Director

Nursing

Q1/2

Safeguarding - POVA 5.5 Review adequacy of arrangements in place and

compliance.

Director

Nursing Q1/2

Blood Management Review controls in place to mange key risk

areas within the system.

Medical

director Q1/2

Mental Capacity Act / DOLS 8.1.3 Review adequacy of arrangements in place and

compliance.

Medical

director Q1/2

Medicines Wastage 5.1.7 Review arrangements for minimising medicines

waste.

Medical

Director Q2/3

Concerns/complaints / E Datix 5.6 Review adequacy of arrangements in place,

compliance and system roll out.

Director of

Nursing Q2/3

Follow up meds mgt / clinical audit 5.1.7 Follow Up dependant on outcome of current

14/15 audits

Medical

Director

Q2/3

Information Governance and Security

(90)

Information Governance 8.1.5 Review arrangement for Information

Governance.

Medical

Director Q2

Telecoms follow up 6.8 Follow up Director of Q2



Appendix D



Lead

Outline

timing

Planning

Follow up records management 6.8 Follow up Medical

Director

Q3

Individual IT Systems -

2x TBA

6.8 Review controls in place to manage the system,

including security, data, contingency planning

and operations.

Director of

Therapies

Records Digitalisation 6.8 COO Q2

Operational service and functional

management (170)

Risk Management Arrangements 8.2 Review the process in place for the management of risk including compliance

with risk management and assessment procedure.

COO Q1/2

Outpatients Review the arrangements for booking and

level of Follow up outpatient appointments

COO Q2/3

Primary Care - GMS Contract Management 3.1.2 Review arrangements for management of

GMS contract

COO Q3/4

Provision of Out of Hours Services 5.3.2 Review the arrangements for the

management and monitoring the out of hours service.

COO

Q2/3

Community Resource Teams COO Q2/3

Stores / stock Review one of the UHB’s systems and

process for stock and stores management.

Director of

Finance

Q1-4



Appendix D



Lead

Outline

timing

Operational Services Review of key risk areas tba. Director Planning

Q2/3

Workforce management (130)

Absence management 6.2.1 Review staff management processes for the

management of absence across the UHB COO/HR Q1/2

Statutory & mandatory training. PADRS 6.2 To review arrangements in place that ensure

all staff have PADR and have been through

statutory & mandatory training.

COO/HR Q2/3

Rotas / Rostering 6.7 Review process for the development of rotas,

skill mix, gaps in hours planned breaks.

COO/HR Q2

Recruitment – filling vacancies 6.7 vacancy review and authorisation

Cost of holding vacancies to cost of temp staff

COO/HR Q2

Staff Flow / Medacs ( Medical locums) 6.7 Examination of controls in place for management of risks associated with locums and payments

Medical

Director

Q3/4

Capital and Estates (130)

Sustainability Reporting

6..4 To provide an opinion that the Health Board has

robust systems in place to record and report

minimum sustainability requirements as

required by the Welsh Government.

Director of

Planning

Q2

Carbon Reduction Commitment 6.4 To ensure the Health Board complies with the

requirements of the Order and that the

information held is accurate, complete and the

purchase of the credits is based upon actual

usage or informed estimates.

Director

Planning

Q2



Appendix D



Lead

Outline

timing

Capital Scheme - Neo Natal 6.4 Review scheme in an proving advisory support

and assurance work. Director

Planning

Q3

Capital systems - compliance with new

capital manual for discretionary and major

capital

6.4 Review scheme/ against requirements of new

manual Director

Planning

Q3

Backlog Maintenance Follow up 6.4 Follow up of previous report recommendations. Director

Planning

Q3

Primary Care Estate 6.4 Review of how the UHB is planning to manage

resource implications of the primary care

estate.

Director of

Planning

Q2/2

Capital / Estates Assurance

Equipment or energy management TBA

6.4 Director

Planning

Q4

Audit Management and Reporting 210

Contingency & Assurance and Advisory

(75)

This element of the plan allows the flexibility to

respond to management requests in order to

meet specific Health Board needs throughout

the course of the financial year.

Director of

Finance

Follow-up (45) We will conduct follow-up reviews throughout

the year to provide the Audit Committee with

assurance regarding management’s

implementation of agreed actions.

Director of

Finance



Appendix D



Lead

Outline

timing

Planning, Management and Audit

Committee (90)

An allocation of time is required for the

management of the service to the Health

Board:-

Planning liaison and management –

Incorporating preparation and attendance at

Audit Committee; completion of risk

assessment and planning; liaison with key

contacts and organisation of the audit

reviews; and

Reporting and meetings – Key reports will

be provided to support this, including

preparation of the annual plan and progress

reports to the Audit Committee.

Director of

Finance

Documents

Internal Audit Operational Plan 2015/16 and Audit … · of our approach to developing the strategic audit plan is Figure 1 below. Cardiff and Vale University Health Board ... Internal