Audit & Risk Assurance Committee Annual Report For the period 1 April 2017 to 31 March 2018

Transcription

1 Paper: PB /10.iv Audit & Risk Assurance Cmmittee Annual Reprt Fr the perid 1 April 2017 t 31 March 2018 Intrductin 1. The purpse f the Cmmittee is t prvide an independent and bjective view f financial reprting, internal cntrl and risk assurance. 2. The Cmmittee is authrised t take decisins n behalf f NHS England n matters relevant t the purpse f the Cmmittee (but nt reserved t the Bard), t btain utside legal r ther independent prfessinal advice, and t secure attendance f utsiders with relevant experience and expertise if they cnsider this t be necessary. Overview f the Year 3. ARAC kept a clse watch n internal cntrl issues this year, including the tracking f internal audit actins, t maintain the frward mmentum frm previus years. It is pleased t reprt an verall imprvement in gvernance and internal cntrl, recgnised in the Head f Internal Audit pinin. Primary Care Services cntinued t be majr fcus f attentin and the issue f Cyber Security remains n the Cmmittee agenda particularly in light f the Wannacry incident. 4. There was a change f membership with Jhn Burn succeeding David Rberts. In the cming year we lk frward t welcming Jhn s successr and t increasing ur fcus n risk management. Meetings f the Cmmittee 5. During this perid, the Cmmittee met n five ccasins. 6. The members f the Cmmittee were as fllws: Janne Shaw (Chair) David Rberts (t December 2017) Wendy Becker Jhn Burn (frm December 2017) * nte that his membership ended in May 2018 Gerry Murphy (c-pted frm DH) 7. A summary f members attendance is given at annex 1.

2 Delivery f the Wrk Prgramme 8. During the perid f this reprt, the key issues cnsidered by the Cmmittee were: Internal Audit Apprved a plan f wrk fr and mnitred against that plan, including the cnsideratin f issues arising and high pririty recmmendatins being raised by Delitte; Cnsidered the Head f Internal Audit Opinin fr ; Fcussed n verdue audit recmmendatins t bring the number dwn; Cnsidered an update frm the Natinal Directr fr Strategy and Innvatin n the key cntrl pririties, risks and status f internal recmmendatins within that Directrate Mnitred prgress n the re-prcurement f the Internal Audit and Service Auditr reprting service, which resulted in the reappintment f Delitte. Mnitred arrangements fr service auditr reprting t clients f cmmissining supprt units. Cunter Fraud Apprved the creatin f an in-huse team t deliver the reactive cunter fraud service frm 1 April Reviewed the Tackling Fraud, Bribery and Crruptin Plicy Cnsidered the utcme f the NHS Cunter Fraud Authrity (NHSCFA) Review Assessment f NHS England against the Standards fr Cmmissiners: Fraud Bribery and Crruptin Apprved a practive plan fr ; and, Mnitred reactive and practive fraud wrk, prvided by Delitte, and received reprts n the vlume f cases under investigatin and strategic updates frm NHS Prtect. External Audit & Financial Reprting Cnsidered and recmmended the Annual Reprt & Accunts fr signature; Mnitred the timetable and delivery f the Annual Reprt & Accunts fr This included the prductin f Mnth 9 accunts and early draft f the Annual Reprt and Gvernance Statement; and, Received updates frm the NAO n their wrk thrughut the year, including the NAO planning risks and management s respnses t thse risks and ther issues raised. Cnsidered the Value fr Mney prgramme delivered by the NAO Gvernance Received updates n the Accuntabilities fr Data and Cyber Security in the NHS including the respnse t the Wannacry incident; Reviewed arrangements fr the implementatin f the General Data Prtectin Regulatins (GDPR) and the Natinal Data Opt-ut Prgramme;

3 Received updates n the issues arising frm the delivery f Primary Care Services supprt; Reviewed the arrangements fr btaining assurance ver Primary Care Cmmissining delegated t CCGs; Reviewed Gvernance and Assurance prcesses arund IT and Digital funding; Cnsidered and recmmended t the Bard fr apprval, updated Standing Orders, Standing Financial Instructins and Scheme f Delegatin; Received reprts n lsses and special payments made during the financial year; Received reprts n breaches f Standing Financial Instructins and, Received reprts n the Crprate Risk Register Cmmittee Matters Cnsidered the Cmmittee s frward wrk prgramme, including the timing f activities and, Reviewed the Cmmittee s Terms f Reference Wrk Prgramme fr 2018/19 Internal Audit Cnsideratin and apprval f the IA wrk prgramme; Mnitring delivery against the internal audit wrk prgramme t include a half year review; and, Mnitring management s delivery against agreed actins arising as a result f audit wrk undertaken. Cunter Fraud Review f NHS England s existing Ecnmic Crime Strategy; Cnsideratin and apprval f arrangements fr practive wrk Review f prgress n reactive wrk Mnitring delivery against the strategy and practive wrk prgramme; and, Mnitring management s delivery against agreed actins arising as a result f wrk undertaken. External Audit & Financial Reprting Cnsideratin and recmmendatin f the Annual Reprt & Accunts t the Accunting Officer fr signature; and, Mnitring the planning and delivery f the Annual Reprt and Accunts, including reprts received frm the NAO Gvernance Cnsideratin f Risk Management; Cnsideratin f any prpsed changes t Standing Orders, Standing Financial Instructins r the Scheme f Delegatin; Cnsideratin f prgress with Cyber Security; Further mnitring f the delivery f Primary Care Services supprt.

4 Cnsideratin f third party assurance and the management f significant cntracts. Review f gvernance arrangements between NHS England and NHS Imprvement in light f jint wrking. Cnsideratin f system assurance ver CCGs Cmmittee Matters On-ging cnsideratin f the Cmmittee s frward wrk prgramme; The Cmmittee has cnducted a review f effectiveness during the year Review f Terms f Reference 9. Revised terms f reference are attached at Annex 2 fr apprval. Assurance Statement 10. As Chair, I can cnfirm that the Audit and Risk Assurance Cmmittee has reviewed its business ver and met its delegated duties. There are n significant issues f cncern fr the Bard in this Annual Reprt. Recmmendatins 11. The Bard is asked t: Nte the reprt; Take assurance frm the Cmmittee with regard t delivery f the wrk prgramme; and, Adpt the revised Terms f Reference. Janne Shaw Chair, Audit & Risk Assurance Cmmittee

5 Summary f members attendance fr the perid 1 April 2017 t 31 March Janne Shaw Yes Yes Yes Yes Yes David Rberts Yes Yes Yes Yes Wendy Becker Yes Yes Yes Yes Yes Gerry Murphy Yes Yes Yes Yes Yes Jhn Burn N Annex 1

6 Annex 2 Terms f Reference AUDIT AND RISK ASSURANCE COMMITTEE Dcument file name: Terms f Reference Directrate: FINANCE Dcument reference ARAC V2.00 Owner Head f Status Draft Assurance Authr Head f Versin 2.00 Assurance Versin issue date 03/07/2018 Dcument management Revisin histry Versin Date Summary f changes 1.00 January 2017 New Template 2.00 June 2018 Minr amendments as part f annual review Apprved by This dcument must be apprved by the fllwing peple: Name Signature Title Date Versin Audit and Risk Assurance Cmmittee Via minutes n/a Annually NHS England Bard Via minutes n/a Annually Related dcuments Title Owner Lcatin Dcument cntrl The cntrlled cpy f this dcument is maintained by NHS England. Any cpies f this dcument held utside f that area, in whatever frmat (e.g. paper, attachment), are cnsidered t have passed ut f cntrl and shuld be checked fr currency and validity.

7 Cntents 1. Purpse Duties and Respnsibilities Membership Attendees Declaratin f Interest Meetings Qurum Infrmatin Requirements Reprting Terms f Reference Review Appendix 1: Membership 2017/

8 1. Purpse The Bard has established an Audit and Risk Assurance Cmmittee as a cmmittee f the Bard t supprt them in their respnsibilities.the Audit & Risk Assurance Cmmittee prvides an independent and bjective view f internal cntrl. The Cmmittee is authrised t take decisins n behalf f NHS England n matters relevant t the purpse f the Cmmittee (but nt reserved t the Bard) and t btain utside legal r ther independent prfessinal advice and t secure attendance f utsiders with relevant experience and expertise if they cnsider this t be necessary. The Cmmittee is authrised t c-pt additinal members fr a perid nt exceeding a year t prvide specialist skills, knwledge and experience. 2. Duties and Respnsibilities The Audit and Risk Assurance Cmmittee will advise the Bard and Accunting Officer n: The strategic prcesses fr risk, cntrl and gvernance and the Gvernance Statement; The accunting plicies, the accunts, and the annual reprt f NHS England, including the prcess fr review f the accunts prir t submissin fr audit, levels f errr identified, and management s letter f representatin t the external auditrs; The planned activity and results f bth internal and external audit; Adequacy f management respnse t issues identified by audit activity, including external audit s management letter; Assurances relating t the management f risk and crprate gvernance requirements fr NHS England; Prpsals fr tendering fr Internal Audit services r fr purchase f nnaudit services frm cntractrs wh prvide audit services; and, Anti-fraud plicies, whistle-blwing prcesses, and arrangements fr special investigatins. The Cmmittee will als peridically review its wn effectiveness and reprt the results f that review t the Bard. Nte: NHS England, and thus the Cmmittee, fulfils a dual rle with regard t the activities f NHS England itself and its versight f the wider NHS cmmissining system. While the gvernance f individual CCGs is a matter fr their respective Bards and Audit Cmmittees, the NHS England Audit & Risk Assurance Cmmittee will seek assurance that NHS England s versight and management f the cmmissining system is effective in securing delivery f the verall NHS strategy and in eliminating r mitigating strategic, financial and peratinal risks Gvernance, Risk Management and Internal Cntrl The Cmmittee will review the establishment and maintenance f an effective system f gvernance, risk management and internal cntrl, cvering all f NHS England s activities (including any hsted bdies) and supprting achievement f NHS England s bjectives

9 In particular, the Cmmittee will review the adequacy and effectiveness f: All risk and cntrl related disclsure statements (in particular the annual gvernance statement), tgether with the accmpanying Head f Internal Audit Opinin, external audit pinin r ther apprpriate independent assurances, prir t endrsement by the Bard, where necessary; The underlying assurance prcesses that indicate the degree f achievement f crprate bjectives, the effectiveness f the management f principal risks and the apprpriateness f the abve disclsure dcuments; The plicies fr ensuring cmpliance with relevant regulatry, legal and cde f cnduct requirements and related reprting and selfcertificatin; and, The plicies and prcedures fr all wrk related t fraud and crruptin as set ut in the Secretary f State Directins and as required by the NHS Cunter Fraud Authrity. The Cmmittee will primarily utilise wrk f internal audit, external audit and ther assurance functins but will nt limit itself t these surces. It will als seek reprts and assurances frm Officers as apprpriate, cncentrating n the ver-arching systems f gvernance, risk management and internal cntrl, tgether with indicatrs f their effectiveness. This will be evidenced thrugh the Cmmittee s use f NHS England s Bard Assurance Framewrk t guide its wrk and that f the audit and assurance functins that reprt t it. Internal Audit The Cmmittee will ensure there is an effective internal audit functin that meets mandatry Gvernment Internal Audit Standards and prvides apprpriate independent assurance n the full range f strategic, financial and peratinal risks t the Audit Cmmittee, Chief Executive and Bard. This will be achieved by: Cnsideratin f the prvisin f the internal audit service, the cst f the audit and any questins f resignatin and dismissal; Review and apprval f the internal audit strategy, peratinal plan and mre detailed prgramme f wrk ensuring that this is cnsistent with the audit needs f NHS England as identified in the Bard Assurance Framewrk; Cnsidering the majr findings f internal audit wrk (and management s respnse), and ensuring c-rdinatin between the internal and external auditrs t ptimise audit resurces; Ensuring that the internal audit functin is adequately resurced and has apprpriate standing within NHS England; and An annual review f the effectiveness f internal audit. External Audit The Cmmittee will review the wrk and findings f the external auditrs and cnsider the implicatins f and management s respnse t their

10 wrk. This will be achieved by: Cnsideratin f the appintment and perfrmance f the external auditrs, as far as the rules gverning their appintment permit; Discussin and agreement with the external auditrs, befre the audit cmmences, f the nature and scpe f the audit as set ut in the annual plan, and ensuring c-rdinatin, as apprpriate, with ther external auditrs perating within the NHS; Discussin with the external auditrs f their evaluatin f audit risks, their assessment f NHS England and the assciated impact n the audit fee; and Review f all external audit reprts, including the reprt t thse charged with gvernance, agreement f the annual audit letter befre submissin t the Bard, and any wrk undertaken utside the annual audit plan, tgether with the apprpriateness f management respnses. Other Assurance Functins The Cmmittee will review findings f ther significant assurance functins, bth internal and external t NHS England, and cnsider the implicatins fr the gvernance f NHS England. These will include, but will nt be limited t, any reviews by the Department f Health and Scial Care. In additin, the Cmmittee will review the wrk f ther Cmmittees within NHS England, whse wrk can prvide relevant assurance t the Cmmittee s wn scpe f wrk. The Cmmittee will review reprts and assurances frm Officers n the verall Crprate Perfrmance f NHS England, and the implementatin f NHS England s agreed plicies and standards. Cunter Fraud The Cmmittee will satisfy itself that NHS England has adequate arrangements in place fr cuntering fraud and will review the utcmes f cunter fraud wrk. The cmmittee will review arrangements by which staff may, in cnfidence, raise cncerns abut the pssible imprprieties in matters f financial reprting r ther matters. Management The Cmmittee will request and review reprts and psitive assurances frm Officers n the verall arrangements fr gvernance, risk management and internal cntrl. The Cmmittee may als request specific reprts frm individual functins within NHS England as they may be apprpriate t the verall arrangements. The Cmmittee will receive assurance n cmpliance with Standing Financial Instructins.

11 Financial Reprting The Cmmittee will mnitr the integrity f the financial statements f NHS England and any frmal annuncements relating t NHS England s financial perfrmance. The Cmmittee shuld ensure that the systems fr financial reprting t the Bard, including thse f budgetary cntrl, are subject t review bth as t the cmpleteness, accuracy and fitness fr purpse f the infrmatin prvided t the Bard and with regard t the effectiveness f the Bard s cnsideratin f this infrmatin. The Cmmittee will review the annual reprt and accunts befre submissin t the Bard, fcusing particularly n: The wrding in the annual gvernance statement and ther disclsures relevant t the terms f reference f the Cmmittee; Changes in, and cmpliance with, accunting plicies, practices and estimatin techniques; Unadjusted mis-statements in the financial statements; Significant judgments in preparatin f the financial statements; Significant adjustments resulting frm the audit; Letter f representatin; and Qualitative aspects f financial reprting. 3. Membership The Audit and Risk Assurance Cmmittee membership will be as fllws: Chair a Nn-executive directr wh shuld have a financial qualificatin r recent and relevant financial experience (in the absence f the Chair anther Nn-executive directr wh is a member f the Cmmittee). At least tw ther Nn-executive directrs. The fllwing members f the Audit and Risk Assurance Cmmittee have been appinted by the Bard: Janne Shaw ( Chair) Wendy Becker David Rberts (t December 2017) Jhn Burn (frm December 2017) Gerry Murphy (c-pted frm the Department f Health) The Chair f the NHS England Bard reserves and exercise the right t attend any r all meetings f this Cmmittee. Attendees The fllwing individuals will attend as apprpriate t prvide advice, supprt and infrmatin but are nt members f the Audit and Risk Assurance Cmmittee and therefre, d nt have vting rights: Chief Executive as required. As a minimum this shuld be when the Cmmittee cnsiders the draft internal audit plan and the annual accunts

12 and, at least annually, t discuss the prcess fr assurance that supprts the Annual Gvernance Statement. Chief Financial Officer. Natinal Directr: Transfrmatin and Crprate Operatins Directr f Financial Cntrl Directr f Gvernance. Representative(s) f External Audit. Representative(s) f Internal Audit. The Audit and Risk Assurance Cmmittee may ask any ther fficials f the rganisatin t attend and assist it with its discussins n any particular matter; The Audit and Risk Assurance Cmmittee may ask any r all f thse wh nrmally attend but wh are nt members t withdraw t facilitate pen and frank discussin f particular matters. At least nce a year the Cmmittee will meet privately with the Internal and External Auditrs 4. Declaratin f Interest All members and attendees f the Audit and Risk Assurance Cmmittee must declare any relevant persnal, nn-persnal, pecuniary r ptential interests at the cmmencing f any meeting. The Chair f the Cmmittee will determine if there is a cnflict f interest such that the member and/r attendee will be required t nt participate in a discussin. The Bard Secretariat can prvide advice n this matter and in additin, guidance n reprting Declaratin f Interests can be fund at SO9.1 f the Standing Orders and Standards f Business Cnduct. A template fr the Declaratin f Interest can be fund here. 5. Meetings The Audit and Risk Assurance Cmmittee will be prvided with a secretariat functin by the Head f Assurance frm the Finance team. The Bard r the Accunting Officer may ask the Audit and Risk Assurance Cmmittee t cnvene further meetings t discuss particular issues n which they want the Cmmittee s advice. Qurum The Audit and Risk Assurance Cmmittee will meet at least 5 times a year. The Chair f the Audit and Risk Assurance Cmmittee may cnvene additinal meetings, as they deem necessary; A minimum f 2 members will be present fr the meeting t be deemed qurate.

13 In additin, the Chief Financial Officer will nrmally be expected t attend unless the Cmmittee expressly decides that it has business that needs t be restricted t Members nly 6. Infrmatin Requirements Fr each meeting the Audit and Risk Assurance Cmmittee will be prvided (nt less than five wrking days prir t the meeting) with a full set f papers t be discussed at the meeting. These will all be available n Bardpad r ther system recmmended by the Bard secretariat. 7. Reprting The Audit and Risk Assurance Cmmittee will reprt in writing t the Bard and Accunting Officer after each meeting. The Audit and Risk Assurance Cmmittee will prvide the Bard and Accunting Officer with an Annual Reprt in July each year, timed t supprt finalisatin f the accunts and the Gvernance Statement, summarising its cnclusin frm the wrk it has dne during the year. 8. Terms f Reference Review The Audit and Risk Assurance Cmmittee Terms f Reference will be reviewed as a minimum n an annual basis.

14 Appendix 1: Membership 2017/18 Membership Members: Janne Shaw Nn Executive member Wendy Becker Nn Executive member David Rberts Nn Executive member (t December 2017) Jhn Burn Nn Executive member ( frm December 2017) Gerry Murphy Nn Executive member (c-pted frm DHSC) Regular Attendees: Simn Stevens Chief Executive Paul Baumann Chief Financial Officer Matthew Swindells Natinal Directr Operatins and Infrmatin Emily Lawsn Natinal Directr Transfrmatin and Crprate Operatins Adrian Snarr Directr f Financial Cntrl Steve Verdn Directr f Gvernance (last meeting July 2017) Kath Ibbtsn Interim Directr f Gvernance and Legal Services (first meeting February 2018) David Nn Delitte LLP Mrag Childs Delitte LLP Mike Newbury Natinal Audit Office David Hakin Natinal Audit Office Lisa Mses Department f Health and Scial Care Secretariat: David Prcter Senir Finance Manager Assurance