IM&T Assurance

Information Governance controls, together with IT processes and controls are key to safeguarding assets, maintaining data security, integrity and the operational effectiveness of an organisation.

We have a team of QiCA and CISA qualified Audit staff who can offer advice and guidance on all aspects of IM&T assurance.

In addition to assessing current computer applications, IM&T Audit consults on the development and implementation of new systems to ensure that internal controls are established and comply with industry standards. As part of this we have supported NHS Wales in the implementation of a number of national projects including the E-financials oracle business suite and E-Expenses through on-going advice on controls design and formal gateway reviews.

We also undertake specific reviews designed to improve information governance and controls in the following areas: -

Information Governance e.g. Data Protection Legislation/Freedom of Information compliance;
Records management/ Caldicott Guardian compliance;
Strategic management and IM&T Strategy development;
IM&T risk management processes;
IM&T project management;
Information Security and General IT Control Environment;
Application and systems controls;
Networking and IT infrastructure;
Data Quality;
Disaster Recovery and Business Continuity arrangements;
Compliance with best practice e.g. ITIL/COBIT/ISO27001/Cyber essentials;

We also undertake interrogation of business critical systems using Computer Assisted Audit Tools and Techniques. In addition, we provide a data analytics service which can help an organisation to provide insights to its operations by developing deeper understanding of risks and controls effectiveness.

FAQs

What are the Public Sector Internal Audit Standards for NHS Wales?

The Public Sector Internal Audit Standards (PSIAS) are mandatory for all NHS Wales organisations and are issued by the Welsh Government who are the standard setter for NHS Wales.

The standards are based on the mandatory elements of the International Professional Practices Framework (IPPF) of the Global Institute of Internal Auditors (IIA). The PSIAS define the nature of internal auditing across the UK public sector setting basic principles and a framework that provides value to all NHS Wales organisations.

Further details can be found here: http://www.wales.nhs.uk/governance-emanual/internal-audit/

What is an Internal Audit plan?

In providing independent assurance that all NHS Wales organisations’ risk management, governance and internal control processes are operating effectively, we carry this out by developing a risk based annual internal audit plan for each organisation.

The plan details all the audit reviews to be undertaken in the coming financial year. In compiling the plan, the Head of Internal Audit meets with Executive Directors and Senior Managers in the organisation along with Independent Members of the Audit Committee, which is a Sub-Committee of the Board that oversees Internal Audit.

The purpose of these meetings is to identify areas where the organisation faces the most risk.

The Head of Internal Audit will review the outcome of each meeting along with the corporate risk register, Board and Sub-Committee meetings to gain further awareness of new developments/strategies which may expose the organisation to risk.

The draft plan is then shared with the Board Secretary and then submitted to the Audit Committee for approval.

Where do our audit reports go?

For each review in the audit plan, unless otherwise agreed with management, we will issue an audit report which includes an assurance opinion on how effective the internal controls are in the process/service/function.

We issue a draft report to our main key contact(s) to discuss and review for factual accuracy. We then obtain management responses to recommendations, if any, that we have made. Once the management responses have been accepted as addressing the risks and the timescales are acceptable, we seek Executive Director Approval to issue the report as final.

A copy or summary of each report is then presented at the next Audit Committee meeting.

Get in Touch

If you have a query for our Audit and Assurance Services. Please contact us below: