The seventh in our fortnightly series of guest blog posts focusing on sector specific challenges from an internal audit perspective.
Take a look through the lens of the NHS.
Adapting to the risk landscape is critical for internal audit. Sticking to the plan is not always an option.
When lockdown first hit in March 2020, internal auditors, like the rest of world, were faced with immediate issues to overcome so that they could continue to function. My internal audit and counter fraud teams were relatively well placed to continue with normal business. Our technology and flexibility meant we were able to cope and function surprisingly well. Unfortunately, our NHS clients soon became totally immersed in their response to the pandemic and asked that we stop audits, so we redeployed our teams to support front line services.
Many of the challenges have been in the headlines over the last year: from securing PPE of appropriate quality and volume and managing oxygen supplies, to the logistics of feeding staff on shift and dealing with the backlog of non-covid conditions.
As an organisation that fully embraces a risk-based approach, we needed to recognise and develop the skills needed and the volume of technical resource required to address the dramatic shift in the assurance needs of the NHS.
The pandemic has introduced new priorities for internal audit assurance in relation to the risks associated with the management of intensive care units, delivery of the vaccination programme, understanding the impact of long-covid and continuity plans for further potential new outbreaks.
All on top of existing diverse and complex risks.
An article in the British Medical Journal reflects on key strategic issues such as inequalities in social care and health, rising demand on both adult and children services, plus the challenge of effective mental health support.
In March NHS England set out its priorities for the year ahead – these are directly relevant to our assurance plans and the needs of governance leaders. Part of our challenge as internal auditors is to ensure that the risk management framework enables efficient and effective delivery against these priorities with appropriate controls in place to mitigate risk.
Here are the priorities:
As we closed out last year we looked for and achieved efficiency savings and remarkably managed to deliver sufficient work to give the head of internal audit opinions expected of us. As an organisation, we thought we had risen to the challenges presented by the pandemic. But we hadn’t accounted for a significant shift in the NHS.
The digital and data revolution may already have been developing, but the pandemic has dramatically propelled its use and development. Embracing technology has been essential to function. From outpatient appointments via MS Teams, to the use of artificial intelligence to support clinical practice, the risk environment had changed. Executive and non-executive directors quickly told us that their assurance needs had shifted focus to the digital and data space and asked if we could pivot to provide that assurance.
The NHS is not alone in this rapid digital shift.
Many of the technologies that enabled organisations and internal audit function to operate during crisis mode have now become embedded ways of working.
The challenge we now face is to re-engineer our teams to remain relevant to the expectations of our stakeholders whilst continuing to provide a value adding service. This will not be easy or immediate. But change we must.