The Internal Audit Office is responsible for providing an independent, objective and impartial appraisal of the activities of the Hospital so as to contribute to the Board assessment of the effectiveness of the systems of governance, risk management, controls and compliance. Internal Audit is independent of the management of the Hospital. The Internal Auditor reports directly to the Hospital’s Audit Committee, a Principal Committee of Board, on professional matters. The Office is attached to the Chief Executive Office for administrative purposes only.
- Internal Audit assist Hospital’s management and the Audit Committee of the Board in effectively fulfilling their responsibilities. Internal Audit is charged with examining and evaluating the policies, procedures and systems which are in place to ensure: the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and, the economical and efficient use of resources.
An Internal Audit plan is prepared by Internal Audit and submitted to the Audit Committee for approval. The development of the annual internal audit plan is based on information gathered through a broad consultation across Tallaght Hospital and a formal assessment of existing and emerging risks.
- Internal Audit perform a wide range of audit services to the Hospital including: financial audits, compliance audits, operational audits, information technology audits, departmental audits, investigative audits and follow up audits. A brief description of each is as follows:
- Financial Audits: A historically oriented, independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data.
- Compliance Audits determine the degree of adherence to laws, regulations, policies, and procedures of the Hospital and other regulatory agencies.
- Operational Audits review the use of resources and procedures/practices in the department being audited to determine if goals and objectives are being met in the most effective and efficient manner. A key component of operational audits is to assess the internal control environment of the unit to manage and mitigate inherent risks.
- Information Technology Audits evaluate system processing controls, data security, physical security, systems development procedures, contingency planning, and systems requirements.
- Department Review: An analysis of administrative functions, to evaluate the adequacy of controls, safeguarding of assets, efficient use of resources, compliance with related laws, regulations and Hospital policy and integrity of financial information.
- Investigative audit: This is an audit that takes place as a result of a report of unusual or suspicious activity on the part of an individual or a department. It is usually focused on specific aspects of the work of a department.
- Follow-up audits: These are audits conducted approximately six months to one year after an internal audit report has been issued. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report.
The Audit Process
In general, a typical audit includes the following sequential steps:
- Scheduling of a planning meeting with relevant stakeholders to discuss the audit objectives, timing, and report format and distribution.
- Terms of reference agreed between Internal Auditor and relevant member of Senior Management.
- Commencement of fieldwork which concentrates on transaction testing and informal communications. It is during this phase that Internal Audit determine whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of significant findings from which the auditor will prepare a draft of the audit report.
- Discussing with management all preliminary observations.
- Preparing the draft report, issuing to management for comments. Management will assign a responsible owner for each recommendation and advice of an implantation date for the comment.
- Audit report will be brought to Audit Committee and issues raised in report will be discussed.
- Following up on critical issues raised in audit reports to determine if they have been successfully resolved.
Internal Audit approach all work on a positive basis and do not seek to find fault or attribute blame but focus on the future improvement of current governance, risk management, internal controls and systems and processes.