PUBLIC
Minutes of the Audit Committee,11 June 2014

Audit Committee

[DRAFT] Minutes of theextraordinary meeting
held on 11 June 2014 at 12:30
in the Boardroom, Chancellor Court, Oxford OX4 2GX

Present:
Alyson Coates / Non-Executive Director (Chair/AC)
Anne Grocock / Non-Executive Director (AG)
Cedric Scroggs / Non-Executive Director (CS)
Lyn Williams / Non-Executive Director (LW)
In attendance:
Paul Grady / Head of Internal Audit, TIAALtd (PG)
Gareth Robins / Counter Fraud Manager, TIAALtd (GR)
Hannah Smith / Assistant Trust Secretary (Minutes) (HS)
1. / Welcome and Apologies for absence
a / Apologies for absence were received from: Sue Dopson, Non-Executive Director; Stuart Bell, Chief Executive; Mike McEnaney, Director of Finance; and Justinian Habner, Trust Secretary.
INTERNAL AUDIT AND COUNTER FRAUD
2.
a
b
c
d
e
f
g
h
i
j
k / Internal Audit Planning 2014/15
PG tabled:
  • for discussion: (i) an Internal Audit and Counter Fraud Planning Update; (ii) a revised Internal Audit Plan 2014/15; and (iii) a revised Counter Fraud Plan 2014/15; and
  • for information: (i) an example IT risk assessment; (ii) an Audit Committee Chairs’ briefing note; and (iii) a digest of the implementation of Francis Report recommendations.
PG referred to page 3 in the Planning Update report which responded to comments from the previous meeting. PG highlighted that:
  • a red/amber/yellow/green (RAYG) rating had been used in the Internal Audit Plan. Areas such as financial systems and financial management had been given a default red rating in the absence of further risk evaluation but it was anticipated that this would change once further work had taken place and that any final risk rating was likely to only be red for some specific areas such as the Cost Improvement Programme which the Trust had already red-rated in its Board Assurance Framework (BAF);
  • further work was planned to: (i) integrate the Counter Fraud risk assessment with the financial risk assessment; and (ii) undertake an early audit around IT risk identification, measurement and response. The tabled example IT risk assessment demonstrated the type of output which could result from the informatics risks audit; and
  • further to discussion with the Trust Secretary and the Head of Quality and Safety, it was proposed to reallocate 5 days in the Internal Audit Plan from review of the Integrated Governance Framework to review of the BAF, risk registers and risk management.
The Chair reminded Internal Audit that the Committee had previously found it helpful to receive and comment upon the proposed brief for internal audits, once the scope had been discussed with management. This had sometimes resulted in more focus in internal audits. PG replied that Internal Audit would continue to involve the Committee in scoping audits and referred to page 4 in the Planning Update report which confirmed that terms of reference for individual audits would be shared with Executive Leads and the Committee for comment. The Committee considered the proposed 10 working day time target for comments and noted that this should be more than sufficient and that the Committee was likely to comment within 5 working days if comments were necessary.
The Chair noted that the Committee’s practice on late management responses to Internal Audit recommendations had been to invite management to attend Committee meetings and respond in person to the recommendations. PG referred to page 4 in the Planning Update report and the section on performance monitoring/progress reporting. Internal Audit proposed producing regular monitoring reports, as part of standard contract monitoring, which could also be shared with the Committee to provide early feedback on progress with internal audits and management responses to recommendations. PG proposed circulating a monitoring report to the Committee prior to the next meeting in September 2014 for comments.
The meeting discussed proposals for the allocation of Internal Audit days not previously allocated, as set out on page 3 in the Planning Update report:
  • violence and aggression had been suggested by management as a topic to cover under harm reduction priorities. PG noted that TIAA Ltd had previously conducted similar audits elsewhere in the context of NHSLA standards around security management services. TIAA Ltd would look to liaise with the Trust’s security management specialist. The Committee noted that violence and aggression may be particularly relevant for some forensic mental health services. Other recent SIRIs had also highlighted the impact of staff changes, departure of experienced staff and continuity of treatment;
  • care plan management, subject to taking account of related clinical audit assurance. LW highlighted that there had been inconsistencies with storing care plan information through the current electronic health record. The implementation of the next generation electronic health record may resolve these inconsistencies. The Chair added that it would be worth Internal Audit considering: how information was recorded, especially in cases when initial care plans were revised or amended; where the information was recorded; and how accessible it was. PG noted that Internal Audit could review the outcomes of clinical audits and consider whether the next generation electronic health record would give better assurance in relation to care plans; and
  • health and safety and a review of the implementation of an action plan developed in relation to risk of falling from windows. The Committee suggested that it would also be useful if Internal Audit undertook a wider review of the processes for identifying and providing assurance against other health and safety risks. The Chair noted that at present assurance was available against specific risks which were already being monitored, such as ligature risks, but that there should also be assurance that other or new risks were being identified. AG added that review of the relevant local risk registers may be useful.
The Chair asked how many unallocated Internal Audit days remained. PG replied that there were no unallocated days remaining but that there was still flexibility in the plan depending upon how days against Area 5 (Developing Leadership, People and Culture) were used.
The Chair asked what Internal Audit could contribute in more clinical areas and how the 10 days planned for internal audits of clinical audit arrangements would be used. PG replied that these days would be used to review how clinical audit was organised, how topics were identified and linked to risk, the practicalities of delivery and action planning. If specific clinical issues were identified then these could form the basis of Internal Audit focus in future review periods.
The Committee discussed the relative independence of clinical auditors. LW expressed concern as to the assurance available that clinical audits had been undertaken sufficiently rigorously if clinical auditors were not independent. PG replied that the opposite could sometimes be the case and that TIAA Ltd had previously undertaken a review which had demonstrated that clinicians in the same NHS Trust acting as clinical auditors had been too harsh upon their colleagues in their audit. The Chair added that it would still be useful to review how the clinical audit programme had been chosen, whether the right areas had been chosen, the independent governance surrounding clinical audits and the visibility and scrutiny available on clinical audits. AG noted that although some clinical audits were chosenbecause of national requirements, internally recommended clinical audits may be more critical and useful and should perhaps be afforded a higher ranking if one were available.
The Chair noted that the new NHS Audit Committee Handbook had clarified the Committee’s responsibilities in relation to whistleblowing. The Board already received reporting on the number and progress of whistleblowing cases. However, the Committee noted that it would be useful if Internal Audit could consider whether the right cases had been identified and correctly classified, how whistleblowing arrangements were working, whether appropriate teams were investigating and assessing these and whether more Non-Executive Director involvement would be appropriate. PG replied that Internal Audit could include a review of whistleblowing as part of the work to be carried out on governance and CQC compliance.
The Committee highlighted that Internal Audit should focus when possible upon clinical quality and elements of HR and Estates. PG noted that HR was already included within the Internal Audit Plan and the Counter Fraud Plan. GR added that pre-employment checks within HR would be considered as part of the Counter Fraud Plan.
The Committee noted the reports and the revised Internal Audit Plan 2014/15 and the revised Counter Fraud Plan 2014/15. / PG
PG
PG
PG
PG
PG
PG
3.
a / AOB
None.
The meeting was closed at: 13:24.
Date of next meeting: Thursday, 18 September 2014 09:30-12:00

1

PUBLIC
Minutes of the Audit Committee,11 June 2014

1