Internal Audit

Man using calculator when analysing reports

Internal Audit is an independent, mandatory function that provides an objective assurance and, where requested, consultancy service to the whole of NHS Wales.

Our aim is to help the whole of NHS Wales deliver a safe, high quality citizen-centered service through evaluating the effectiveness of the systems of internal control which underpin the provision of healthcare to service users.

We provide the Accountable Officer, Board and Audit Committee in each organisation with an independent opinion on the degree to which risk management, control and governance arrangements are embedded to support the achievement of the organisations strategic aims/objectives.

Our Internal Audit teams have a depth of both public and private sector experience and can deliver our services in compliance with the Welsh Language Act.

We have a significant number of qualified CMIIA/CCAB colleagues supported by other qualified and experienced staff in other specialisms including PRINCE2® Foundation Level, capital assurance and informatics assurance.

We pride ourselves on being a local service, to meet our clients’ needs and have offices the length and breadth of Wales.

We comply with the Public Sector Internal Audit Standards for the NHS by adopting a risk based approach to our work, utilising the organisations’ Assurance Frameworks, thus bringing together both risks and gaps in assurance which may undermine the organisation delivering on its statutory responsibilities and defined strategic aims/objectives. Through this approach we focus our audit resources on the areas of greatest risk.

We develop the Audit Plan in accordance with the Public Sector Internal Audit Standards – Standard 2010 – Planning, to enable the Head of Internal Audit to provide internal audit services in a way which facilitates:

The provision to the Accountable Officer of an overall annual opinion on the organisation’s risk management, control and governance, which, in turn, supports the preparation of the Annual Governance Statement;
Audit of the organisation’s risk management, control and governance through operational audit plans, in a way which affords suitable priority to the organisation’s objectives and risks;
Improvement of the organisation’s risk management, control and governance by providing focused recommendations arising from audit work;
Effective co-operation with the external audit and other review agencies i.e. Healthcare Inspectorate Wales.
Provision of both assurance and advice by internal audit.

The internal audit plans will include, as a minimum, coverage of mandatory assurance areas of core financial cycles; Standards for Health Services; Governance and Accountability Module and Welsh Risk Pool defined standard for claims management compliance.

To keep the Board aware of risks, we provide progress reports to the Audit Committee in compliance with the Audit Committee Handbook and Public Sector Internal Audit Standards, detailing the assurance provided on set reviews and updating the Committee on management’s progress in implementing previously agreed recommendations.

As we are part of NHS Wales, we are committed to ensuring the delivery of a high quality service to all the organisations. Accordingly we will regularly meet with the nominated Director responsible for the service as well as routine attendance at all-Wales Board Secretaries meetings and all-Wales Assistant Committee Chair's meeting.

FAQs

What are the Public Sector Internal Audit Standards for NHS Wales?

The Public Sector Internal Audit Standards (PSIAS) are mandatory for all NHS Wales organisations and are issued by the Welsh Government who are the standard setter for NHS Wales.

The standards are based on the mandatory elements of the International Professional Practices Framework (IPPF) of the Global Institute of Internal Auditors (IIA). The PSIAS define the nature of internal auditing across the UK public sector setting basic principles and a framework that provides value to all NHS Wales organisations.

Further details can be found here: http://www.wales.nhs.uk/governance-emanual/internal-audit/

What is an Internal Audit plan?

In providing independent assurance that all NHS Wales organisations’ risk management, governance and internal control processes are operating effectively, we carry this out by developing a risk based annual internal audit plan for each organisation.

The plan details all the audit reviews to be undertaken in the coming financial year. In compiling the plan, the Head of Internal Audit meets with Executive Directors and Senior Managers in the organisation along with Independent Members of the Audit Committee, which is a Sub-Committee of the Board that oversees Internal Audit.

The purpose of these meetings is to identify areas where the organisation faces the most risk.

The Head of Internal Audit will review the outcome of each meeting along with the corporate risk register, Board and Sub-Committee meetings to gain further awareness of new developments/strategies which may expose the organisation to risk.

The draft plan is then shared with the Board Secretary and then submitted to the Audit Committee for approval.

Where do our audit reports go?

For each review in the audit plan, unless otherwise agreed with management, we will issue an audit report which includes an assurance opinion on how effective the internal controls are in the process/service/function.

We issue a draft report to our main key contact(s) to discuss and review for factual accuracy. We then obtain management responses to recommendations, if any, that we have made. Once the management responses have been accepted as addressing the risks and the timescales are acceptable, we seek Executive Director Approval to issue the report as final.

A copy or summary of each report is then presented at the next Audit Committee meeting.

Get in Touch

If you have a query for our Audit and Assurance Services. Please contact us below: