Paper 14 Minutes of NHS Ayrshire & Arran Audit Committee Meeting held on Wednesday 22 November 2017 at 14:15 hours in meeting room 1, Eglinton House, Ailsa Hospital Present Mr Alistair McKie, (Chair) Non-Executive Board Member Mr Stewart Donnelly, Non-Executive Board Member Lisa Tennant, Non-Executive Board Member Mr Robert Martin, Non-Executive Board Member In attendance Mr Bob Brown Mr John Burns Mr Derek Lindsay Mr Andy Grayer Ms Claire Sweeney Ms Kirsty Whyte Karlyn Watt Ms Kelly MacFarlane Ms Lindsay Paterson Paul Reynaulds Mr Paul Doak Assistant Director of Finance (Governance and Shared Services) Chief Executive Director of Finance Assistant Director, ehealth & Information Services Associate Director, Audit Scotland Audit Manager, Audit Scotland Senior Manager, Deloitte PricewaterhouseCoopers PricewaterhouseCoopers PricewaterhouseCoopers Senior Manager Chief Internal Auditor, North Ayrshire Council Mrs Frances Forsyth (Minutes) 1. Apologies Mrs Janet McKay, Non-Executive Board Member Cllr Douglas Reid, Non-Executive Board Member Board Member 2. Declaration of interests There were none 3. Audit Scotland report: NHS in Scotland 2017 Committee members received a presentation from Audit Scotland explaining the role of public audit in Scotland and the specific areas reviewed on an annual basis relating to health and social care. The Associate Director from Audit Scotland 1 of 6
noted that the emphasis for the report presented to the Committee was a little different from previous years in that there was greater focus on the financial balance and performance against targets to demonstrate the scale and size of the challenge facing the NHS in 2017. Audit Scotland posed the question, What needs to happen when it is evident that more of the same is not enough? The Audit Manager told Committee members that in spite of changes which had been made in the NHS, there were still marked inequalities amongst those accessing healthcare. Audit Scotland identified areas where there were opportunities for progress towards the Government s vision for the provision of healthcare in the future, including a general consensus on the direction of travel, committed and hard working staff, and integration. However, the key findings were that the NHS faced significant challenges: Lack of financial flexibility and the need to balance the books each year meant there was a lack of ability for long term planning Growing demand Issues facing general practice Crucial to achieving the Government s 20:20 Vision was Health and Social Care Integration. Audit Scotland again found many challenges with Councils under pressure and a need for financial planning in the medium/long term. There was also a need for NHS Boards and Integration Joint Boards to do things differently and to make fundamental decisions about how services will be provided and funded. The Director of Finance was pleased that the report acknowledged that the increasing use of non-recurring sources to achieve cost savings was unsustainable. One of the Non-Executive Committee members asked Audit Scotland if they believed that the Government understood that savings brought about by changes to service delivery couldn t happen overnight. The Associate Director for Audit Scotland believed that the scale of the challenge was recognised; she felt optimistic that once the financial plan, expected in February, was in place, that the delivery plan for the movement of services to the community would move forward. The Chair thanked the representatives from Audit Scotland for their interesting and informative presentation. 4. Minutes of the meeting held on 6 th September 2017 4.1 The minutes were approved as an accurate record of the meeting. 5. Matters arising/action Log 5.1 The status of all actions was noted as appropriate. 5.2 Internal Audit: Laboratory Controls The Committee received information demonstrating progress against recommendations made in an internal audit report on Laboratory Controls which had been noted as outstanding at the previous Audit Committee meeting. It was noted that the recommendation that additional resource be put in place to support the transition in accreditation standards within the laboratories had been completed. 2 of 6
The transition to ISO 15189 accreditation complete for microbiology and nearing completion for biochemistry, haematology and pathology. Committee members were satisfied that the audit recommendations were being taken forward and were provided with assurance that the annual audit follow-up report conducted by the Internal Auditors would review progress. 6. Internal Audit 6.1 Internal audit activity report The Board s Chief Internal Auditor noted progress against the 2017/18 plan explaining that four reports had been issued to date, which was a little behind schedule. Nonetheless, plans were in place to ensure completion of the programme of reviews and there was no risk to the annual assurance statement. Two reports had been finalised since the previous meeting and were presented to the Committee. 6.2 Gifts, Gratuities and Hospitality The Auditor explained that the report had been conducted in line with a Scottish Government directive that all Health Boards should be able to provide assurance that controls were in place to comply with the Bribery Act 2010. The report had been graded as medium risk resulting from the identification of four medium and two low risk recommendations. The Auditor recognised that it was difficult for the Board to know that all gifts, gratuities and hospitality had been recorded. Key to achieving this, was to ensure that policies and procedures were clear and that staff were aware of the requirements and knew that all offers must be recorded, including those which were declined. Actions had been agreed with management and would be taken forward. 6.3 Cyber Security A detailed overview of the report was provided to the Committee by the auditor who had conducted the review of the Board s Cyber Security. The objective of the review was to determine the Board s current and desired cyber maturity levels across the six critical cyber security domains, defined in PricewaterhouseCooper s diagnostic tool. The auditor reported that NHS Ayrshire and Arran was in line with its peer group in relation to maturity of cyber security controls and in a number of areas was more mature; there was a dedicated cyber security team, cyber security was well integrated across ehealth, security awareness was high and there were strong technical processes in place. However, there were a number of areas where improvements could be made to strengthen the security control framework. The Assistant Director, ehealth & Information Services welcomed the report and confirmed that ehealth had already started to address some of the points raised, particularly around Shadow IT/Data Loss Prevention. The Committee were told that Ayrshire and Arran were part of a West of Scotland Group which was considering the Technology Domain including the hardening of standards for the building of servers and network devices and user attestation and that penetration testing was being considered at a regional / national level due to the cost. 3 of 6
The report would be passed to the Information Governance Committee which would take the lead in monitoring progress against the actions. The Director of Finance suggested that the Information Governance Committee may wish to consider the classification of cyber security in the Strategic Risk Register to reflect the fact that there were plans in place to treat the risk which was currently classified as a risk which would be tolerated. 7. External Audit 7.1 2017/18 Planning A progress report and timeline for the 2017/18 external audit was provided to the Committee. Auditors had been on site at the Board at the beginning of November to complete the planning work. Details from Audit Scotland about the input required in relation to performance audits and impact reports on Changing Models of Health and Social Care and also Health and Social Care Integration (part 2) were still awaited. The draft audit plan would be submitted to management in December 2017 for comments and feedback before being submitted to the Audit Committee at its meeting on 21 st February 2018. 8. Governance 8.1 North Ayrshire Health and Social Care Partnership The Audit Committee received a copy of the Internal Audit plan for 2017/18 noting that the timing of the Integration Board had meant that the report had not been available for the September meeting of NHS Ayrshire and Arran s Audit Committee. In line with East and South Ayrshire, 25 audit days had been set aside; 10 to support the North Ayrshire Council Chief Internal Auditor, and 15 to carry out a review of complaints procedures and governance. The Committee was also provided with a copy of the North Ayrshire Council audit plan in which areas relevant to Health had been highlighted. The Director of Finance noted that the work of the North Ayrshire Health and Social Care Partnership was referenced twice in the Audit Scotland Overview report which had been discussed earlier in the meeting. 8.2 Strategic Risk Register The Audit Committee received a complete copy of the Strategic Risk Register in accordance with its role of having an overview of all risks. The Committee accepted the progress report. 8.3 Tender exception report Four exceptions to the tender protocols approved since the previous meeting were notified to the Committee. 4 of 6
The Director of Finance gave assurance that waiver applications were carefully considered by himself and the Assistant Director of Finance and that not all applications were approved. The Committee was satisfied that the exceptions presented had been considered appropriately and met the criteria. 9. Counter Fraud Four new referrals had been received by the Board s Fraud Liaison Officer in the period 25 th August to 14 November 2017. One of these cases was an allegation involving a conflict of interest between NHS employment and private practice. Following investigation by Human Resources the case was closed as the allegation was considered un-founded. The status and actions taken in all cases was noted by the Audit Committee. Referrals where investigations were ongoing were also reported. The Assistant Director of Finance advised that Counter Fraud Services (CFS) had submitted a report on their national investigation into alleged mis-use of the tender process relating to two telecoms suppliers to the Procurator Fiscal. The Annual Fraud Prevention Plan for 2017/18 had been prepared following the annual visit from CFS. The Assistant Director explained that further Cybercrime awareness raising sessions would be offered to staff and that Board management were considering the CFS workshop on Bribery and Corruption, both areas which had been raised in internal audit reviews to this meeting. 10. Any other competent business John Burns left the meeting prior to discussion of the next item. 10.1 The Chair of the Audit Committee sought approval to engage the internal auditors, PricewaterhouseCoopers, to conduct a review of governance arrangements in relation to the Board s relationship with dental practitioners. The Chair had been asked by the Board Chairman to establish a sub group of the Audit Committee following an industrial tribunal earlier in the year and subsequent questions during a ministerial visit. The chief internal auditor explained that the review would look at governance arrangements, performance monitoring, the complaints procedure and grievance and disciplinary process including the Board s links with the General Dental Council. The auditors would produce a report to be considered by the subcommittee prior to reporting to the Board on 29 th January 2018, (prior to the next Audit Committee). Audit Committee members approved the proposal. 11. Date of next meeting The next meeting will take place on Wednesday 21 st February at 14:15 in meeting room 1, Eglinton House, Ailsa Hospital, Ayr. 11.1 Meeting dates 2018/19 Dates were noted as below: 5 of 6
Date Time Venue Wednesday 2 nd May 14:00 Room 1, Eglinton House, Ailsa Hospital Friday 15 th June 10:00 Room 1, Eglinton House, Ailsa Hospital Wednesday 19 th September 14:00 Room 1, Eglinton House, Ailsa Hospital Wednesday 21 st November 14:00 Board Room, Ayr Hospital Wednesday 6 th February 2019 14:00 Room 1, Eglinton House, Ailsa Hospital Approved by Chair of the Committee:... Date:... 6 of 6