Case study: Health sector

RSM were initially appointed as internal auditors to a well-known hospital in 2018 and our contract was extend for a further term.

During our time at the client we conducted a range of internal audit reviews across the varying functional areas and have built strong professional working relationships with key stakeholders across the organisations.

We have received positive feedback from management on the outcomes of our internal audit reviews and how RSM has been flexible in engaging with the business to minimise impact on ongoing service delivery.

Project Objectives:

Provide outsourced internal audit function to the Client.

Key Deliverables:

• Develop and maintain a Strategic Internal Audit Plan - that was balanced in managing mandatory & compliance obligations, and operational / performance internal audit reviews. As well as having a risk-based approach to conducting internal audit reviews.
• Detail Scope documents - prepare a detailed scope document for each internal audit review
• Internal Audit Reports – prepare an internal audit report after completing each review.
• Presenting to Audit Committee – present each of our reports to the Audit Committee for discussion of key issues and approval.

Complexities:

The Client operates within a very complex environment that has multiple layers that it needs to contend with such as:

• Victorian public sector (VPS) agency - needs to comply with VPS requirements, policies and procedures
• Health Agency – required to report to the Department of Health (lead Portfolio Department) on a range of financial and operational matters, including patient related datasets
• Health Share Victoria (HSV) – as a Health Agency the Client is required to comply with HSV procurement and contract management protocols
• Clinical Governance – the Client is required to implement robust clinical governance across the organisation to ensure it complies with a range of factors such as National Health Standards, better practice guides issued by Safer Care Victoria
• Leader in Client Health – as the first and leading specialist hospital in it’s field, the Client is often the front runner for new technologies and processes. This required a risk based and flexibile approach to ensure the internal audit program supported the Client ambitions and did not hinder progress. 

Internal Audits delivered:

• Asset Management
• Blood Management Governance
• Business Continuity and Emergency Management
• Clinical Governance Framework
• Clinical Incident Management
• Procurement/Corporate Cards and Staff Expenses
• Credentialing and Scope of Practice
• Cyber Security – Vulnerability Assessment
• Cyber Security - Penetration Testing
• Data Integrity (i.e. VCDC, ESIS, VEMD, VINAH)
• Governance and Management of Telehealth Sevices
• HSV Compliance
• Human Resource and Payroll
• Infection Control
• Integrity, Fraud and Corruption Control
• Information Privacy Compliance
• Management of Key Contracts
• Management of Own Source Revenue
• Medical Staff Management
• Pharmacy and Drugs Management
• Patient Billings and Receivables
• Research and Grants Management
• Risk Management (including delivery of risk management workshop to upskill Executive in risk management)
• Rostering, Time and Attendance
• Standing Directions
• Strategy Implementation and KPI Monitoring
• Workplace Health & Safety Review

RSM successfully delivered the services under this contract as evidenced by RSM being re-appointed for a further three years after the initial three term of the contract. RSM met the KPIs for the delivery of services to the Client.  Particularly during extremely challenging times during the COVID panndemic.  RSM demostrated flexibility in engaging with management to cater for other operational priorities throughout the pandemic. RSM did:

• Deliver the internal audit plan year on year
• Assisted management in lifting their maturity with respect to risk management across the organisation
• Assisted management in implementing assurance mapping to better target their internal audit efforts
• Balanced operational focus internal audit activity with compliance / mandatory
• Made several practical recommendations in a wide range of operational areas to assist management raise the maturity on their internal control environment.
• Worked collaboratively with management to unpack complex challenges and work recommendations to improve operational efficiency and effetiveness.

For further information:

For further information, please get in touch with Jayesh Kapitan