HSE Audit and Risk Committee Meeting Minutes 12 September 2025

Members Present

Yvonne Traynor (Chair), Anne Carrigy, Michael Cawley, Éimear Fisher, John Moody and Sharon Keogh

HSE Executive Attendance

Joseph Duggan (Chief Internal Auditor), Stephen Mulvany (Chief Financial Officer), Mairead Dolan (Asst Chief Financial Officer), Joe Ryan (ND Public Involvement, Culture and Risk Management/Chief Risk Officer), Kate Killeen White (REO Dublin & Midlands), Dara Purcell (Corporate Secretary), Rebecca Kennedy (Office of the Board)

Joined the Meeting

Maire Lennon (Head of Legal), Gavin O’Neill (AND National Productivity Unit), Mary Coghlan (Director National Productivity Unit), Colm Henry (Chief Clinical Officer), Elaine Kilroe (AND Enterprise Risk Management), Brian O’Connell (ND Head Strategic Health Infrastructure & Capital Delivery), David Langton (AND Central Compliance Function), Leonard Clinton (Asst CFO Finance Shared Services), Valerie Plant (Asst CFO & IFMS Programme Director), Gareth Morton (ND Procurement), Brian Long (AND Procurement).

Minutes reflect the order in which items were considered and are numbered in accordance with the original agenda.  All performance/activity data used in this document refers to the latest information available at the time.

The Chairperson held a private session to consider the agenda, papers and the approach to conducting the meeting.

The Chief Internal Auditor (CIA) joined the Committee at the end of its private session, and provided an update regarding an Internal Audit report.

2.1 Conflicts of Interest

No conflicts of interest were declared.

2.2 Minutes

The Committee approved the minutes of the 11 July 2025 meeting subject to amendments.

2.3 Action Log and Follow Up Items

The Committee reviewed the action log and expressed dissatisfaction regarding progress on actions being closed. They requested that all outstanding actions be reviewed with SLT members and an update be brought to the October Committee meeting.

CFO, CRO, M Dolan ACFO, and REO Dublin Midlands joined the meeting

3.1 Memo from CEO to SLT Non-Pay Control dated 15 July 2025

The Committee noted the above correspondence.

3.2 Progress of Task and Finish Group – HSE Financial Position

The Chair updated that Committee on the work of the Task and Finish Group (TFG) which was established following consideration of the HSE year-end financial projections and agreement of the Breakeven Plan at the 17 July Board meeting.

The TFG met on 19 August and 05 September 2025. At both meetings, the REO West and North West and CFO provided assurances, on behalf of the Regions and the Centre respectively, regarding the implementation of the CEO Breakeven plan. The CFO also provided June and July YTD versus breakeven plan spend limit (straight line basis other than pay awards); July and August YTD cash summaries; June YTD Savings Reports; and a Q2 Forecast to end year. It was agreed that the CFO would bring a paper to the Committee re annual profiling and additional spend limits. The TFG may, if required, meet in advance of the next Board meeting scheduled for Friday 26 September 2025.

3.3 Health Regions Implementation Programme Update

The Committee noted the update provided by the CPO regarding staff levels at AND and above pre and post Health Regions Implementation Programme which had been requested at a previous meeting. The Committee discussed the status of Consultants not on the Specialist Register and requested assurance that this is sufficiently monitored at Board Committee level.

3.4 Briefing from REO Dublin and South East re podiatric medicine

The Committee noted the update provided by the REO Dublin and South East regarding engagement with the Department of Education in relation to podiatric medicine which had been requested at a previous meeting.

The Committee reviewed the availability of training placements for therapists and while noting that the approval of additional training places is a policy decision, sought assurance that these are being robustly monitored and strategically managed, with all potential avenues actively pursued to enhance resource capacity.

3.5 Ill health retirements update

The Committee noted the update provided by the CPO which was presented in response to queries raised by the Committee at a previous meeting. The Committee requested that a further briefing be presented to the Committee at its November meeting which should set out reasoning behind the higher rates of Ill health retirements for the HSE compared with an external benchmark.

4.1 Q2 2025 report (IA Reports and IA Recommendations Monitoring)

The CIA provided a report to the Committee which included Audit Activity and Plan Status and Planned Audits Q3 2025; Audits Issued and Key control findings from Audit Reports in Q2 2025; Implementation of audit recommendations at 30 June 2025; and open recommendations by area.

The Committee noted the update in relation to the Internal Audit Plan Status at 31 August 2025; with 5 audit reports issued in Q2 2025 and a summary of their key findings. The Committee acknowledged the improvement in the implementation rate of recommendations due within agree timeframes, increasing from 44% in Q1 2025 to 82% in Q2 2025, alongside a 21% reduction in overdue recommendations. The Committee also noted that the majority of remaining overdue recommendations are concentrated within two Health Regions.

Head of Legal, AND National Productivity Unit, and Director National Productivity Unit joined the meeting

5.1 Review of the Office of Legal Services

The Head of Legal and AND National Productivity Unit updated the Committee on the implementation of strategic enhancements to the Office of Legal Services (OLS) operating model which seek to strengthen its capacity and capability to deliver its enhanced role in the oversight of the HSE’s legal cost and legal risk management as mandated in a CEO Memorandum dated 19 June 2024.

The update covered progress made in relation to: Expansion of In-House Legal Capacity; Enhanced Governance of External Legal Engagements; Cost Containment Measures; Enhanced Oversight and Knowledge Management; and New Technology Adoption. The Committee discussed in particular the impact of the changes on HSE Estates, and the governance surrounding shared learning between HSE Regions and between the HSE and the State Claims Agency and new key performance indicators KPIs (metrics) that will support the OLS reporting.  The CFO noted there are discussions ongoing with OLS to examine the feasibility of strengthening in house legal capacity for procurement and related contract matters.

The Committee welcomed the progress outlined and it was agreed that a report on the implementation of the strategic enhancements of the OLS would be added to the Committee workplan for late 2026.

Head of Legal, AND National Productivity Unit, and Director National Productivity Unit left the meeting

AND Enterprise Risk Management and AND Central Compliance Function (CCF) joined the meeting

6.1 Q2 2025 CRR Report

The Chief Risk Officer (CRO) presented to the Committee the Q2 2025 Corporate Risk Register (CRR) Report. The Committee noted the 11 Open risks and 5 Watched risks on the Register, of which 5 Open risks were rated High, 6 Open risks rated Medium. All risks had been updated to reflect the Risk Appetite categories and levels as set out in the HSE’s Risk Appetite Statement 2025 as approved by the Board in April.

The Committee noted that the Q2 2025 CRR reflects updates arising from quarterly risk assessments and engagements with relevant senior managers. In relation to R011 Scheduled Care Services, this was previously W001 Delivery of Care but following input from relevant SLT it is now considered ‘Open’ rather than ‘Watched’.

The Committee noted risks R003 Disruptive Events, R005 Financial Management, R006 Major Infrastructure, R009 Compliance, R010 Data Protection and W006 Climate Change, and held a discussion relating to R004 Health Care Acquired Infections and Anti-microbial Resistance. The Committee noted the KPIs in this area which are monitored at Board Committee level, and discussed

aligning KPIs using a root cause analysis rather than relying wholly on extant data and using external benchmarks/standards wherever possible.

6.2 Central Compliance Function- Compliance Reports

The ND Public Involvement, Culture and Risk Management (ND PICRM) provided the Committee with the following updates as of June 2025.

KPMG Report Implementation Plan Update

The AND CCF presented to the Committee the quarterly update in relation to the KPMG Compliance Project Implementation Plan and progress to date. The Committee noted the update and the overview of the recommendations completed since the June 2025 meeting.

3LOD Assurance Map

The Committee noted the Three Line of Defense (3LOD) Assurance Map which was circulated for its information. The Assurance Map seeks to provide the HSE with a clear understanding of risk and assurance coverage throughout the organisation.

COR Update – Q2 2025

The AND CCF presented the Compliance Obligations Register (COR) Q2 2025 to the Committee, which included engagement with the Office of the CEO and the OLS to identify any new obligations that had arisen since the last update. It was noted that Internal Obligations have increased by 14 (2%) from 819 to 833; and External Obligations have increased by 16 (3%) from 445 to 461.

PCOR Metrics Report – Q2 2025

The AND CCF presented the Principal Compliance Obligations Register (PCOR) Metric Reporting Q2 2025 to the Committee, with 12 obligations listed on the PCOR with an associated metric to demonstrate compliance and outlined the alignment to the CRR principal risks. The Committee noted that 2 of the 12 metrics showed a compliance rate within 10% of the target range set and 7 of the 12 (58%) show improved compliance rates in the quarter.

PCRS Governance Pathway

At the March Audit and Risk Committee meeting a Maturity Assessment of 1st Line of Defence Functions (1LOD) that perform compliance related activities was presented. This paper highlighted a governance pathway gap in relation to PCRS, in that the area had no reporting relationship into any board committee despite managing an annual budget of circa. €4billion.

The ND Services and Schemes and the AND Central Compliance Function proposed that a quarterly report from the Primary Care Reimbursement Service be provided to the Committee to close this governance gap. It was agreed that this would be added to the ARC work plan annually for the March, June, September and December meetings.

6.3 Protected Disclosures

The AND CFF presented to the Committee the draft HSE Procedures for the Handling of Protected Disclosures which provide a comprehensive guide for workers to report workplace wrongdoings securely and confidentially, in compliance with the Protected Disclosures Act 2014 and its 2022 amendment.

The Committee considered and approved, subject to minor amendment, the HSE Procedures for the Handling of Protected Disclosures. It was agreed that it would be brought to the Board for noting as part of the ARC update at the September 2025 Board meeting.

The AND CCF provided an update to the Committee in relation to the HSE protected Disclosures Half-Year Report. The National Office for Protected Disclosures (NOPD) has seen a marked increase in activity during the first 6 months of 2025, both in terms of an increasing number of reports received, and closure activity across the system. The Committee noted that 79 reports were received in the period, circa 44% more than the same period in 2024; and 81 reports were closed during the period which equates to 72% of the total number of closures recorded during the entirety of 2024. It was noted that 66 reports remain open across the organisation as at 30 June 2025.

The long standing issue regarding legacy cases (i.e. pre-2023 cases that were under management before the establishment of the NOPD) is almost addressed with 7 further cases closed to date in 2025, 4 cases remain open, and the average time taken to close cases continues to fall. The Committee acknowledged the work of the NOPD with regard to the closure of legacy issues.

The Committee noted the Half-Year Report which outlined: Summary of activity in the reporting period, 1 January 2025 – 30 June 2025; Open Cases prior to 2025; Protected Disclosures Process – Monitoring Performance and Outcomes; Organisational Intelligence and Learning; Notification of Serious Issues; and Continuous Improvement Initiatives;

AND CCF and AND ERM left the meeting.

CCO joined the meeting

7.1 Update on Clinical Audit Plan and Audits

The HSE National Centre for Clinical Audit (NCCA) Report August 2025 was presented by the CCO to the Committee. The report provided updates in relation to: Four New National Audits approved by the National Steering Group for Clinical Audit and are in progress or commencing; Five National Audit reports published since the March report to the Committee; Four new National Registries approved; One preliminary registry report published; Completion of Service Level Agreements (SLAs) with Clinical Audit service providers; the HSE National Clinical Audit Strategy 2025-2030; and Local clinical audit enablers.

The Committee highlighted that the audits are largely hospital focused and queried whether this will change as the Health regions are further established. The CCO advised that the hospital focus is due to data availability and the process by which audits are requested by clinicians. The Committee observed that clinical audit is currently a reactive process which begins after an incident occurs and suggested that consideration be given as to how the process could be changed to allow it to become more proactive and targeting of areas which are identified as high risk.

CCO left the meeting.

Brian O’Connell, ND, Head Strategic Health Infrastructure & Capital Delivery (ND SHICD) joined the meeting

8.1 HSE National Equipment Replacement Programme Capital Funding Requirements 2025 to 2029

The Committee noted the update from the ND SHICD in relation to the HSE National Equipment Replacement Programme Capital Funding Requirements 2025 to 2029, which was requested by the Committee at its June 2025 meeting and outlined improvements and achievements made from a previous investment; and the issue of medical equipment not being used over weekends.

8.2 Quarterly Report on delegated authority for property transactions

The Committee noted the Quarterly Report from the ND SHICD in relation to delegated authority for property transactions.

8.3 Quarterly Report - final account for completed construction projects – verbal update

ND SHICD provided a verbal update confirming that there are no completed construction projects for this quarter.

8.4 Building Contracts and Properties

The Committee considered the following contract which was presented by the ND SHICD.

1. Property disposal - Centenary House, 35 York Road, Dun Laoghaire, Co Dublin, noted by Committee.

The Committee considered the details of the above proposed contract and agreed to recommend it to the Board for approval.

The NDSHICD provided a verbal update in relation to the following contract which was noted by the Committee at its July meeting:

1. Property disposal – Errill Health Centre, Co Laois.

This contract is due to be brought to the September Board meeting in line with the HSE’s Code of Governance, as the proposal is to dispose of the asset to a HSE staff member.

NC SHICD left the meeting

9.1 YTD Expenditure and Financial position July 2025 Q2 Projections 2025

The CFO provided a briefing to the Committee on the YTD Financial Position as at 31 July 2025, noting that the HSE is over the overall expenditure budget by €21.0m / 0.1%, (€70.9m surplus Department of Health (DoH) and €91.9mm deficit Department of Children, Disability and Equality (DCDE)). He advised that within DoH funded services, Health Regions are reporting a (€29.6m) surplus against their updated limit, Corporate a (€57.4m) surplus against their limit, and Demand Led Services are reporting a €16.1m deficit against their limit.

The CFO advised that no cash acceleration was required for the month of August and the HSE did not draw €49.1m of its August month profile. This improved the YTD cash position by €49.1m since 31st July. The Committee noted that the current cash position for the HSE is €148.1m over profile as at 31st August, where DoH is over profile by €79.4m and DCDE over profile by €68.7m. The closing draft cash at bank for HSE Revenue as at 31st August stands at €61.8m.

9.2 Health Budget Oversight Group (HBOG) (i) Lessons Learnt from HBOG meetings

The Committee noted the update provided by the CFO in relation to December 2024 HBOG Minutes / Estimates Process 2025 which was requested at the April Committee meeting.

9.3 Approach to minimising Duplicate and Incorrect Payments

Leonard Clinton (Asst CFO Finance Shared Services), Valerie Plant (Asst CFO & IFMS Programme Director), Gareth Morton (ND Procurement), and Brian Long (AND Procurement) joined the meeting

The Committee noted the update from the CFO in relation to Invoice Overpayment & FSS Payment Services Approach to identifying and avoiding duplicate and incorrect invoice payments which covered: IFMS Enhanced Controls; Approach to Duplicate Invoice and Incorrect Invoice Checks (Historical Data, Real Time in advance of the processing of payments, and Creditor Reconciliations); Local Service Areas - End User Requirements & Additional Controls; and a Summary Report on an Incorrect Payment Processed by HSE in May 2020.

Éimear Fisher, John Moody and Leonard Clinton left the meeting

9.4 IFMS Stage 2 rollout to Voluntary organisations

The Committee noted the update from the CFO in relation to the Integrated Financial Management and Procurement System (IFMS) which included: an IFMS Project Summary Report; Stage II Rollout to Voluntary Organisations - Business Case Update including High Level Plan; and Finance Reform Programme Governance.

The Committee discussed the process of engagement with voluntary organisations and the limits which will be in place regarding the influence of IFMS on their governance. The CFO highlighted that

the HSE will not by virtue of the implementation of IFMS, seek to second guess the judgement of voluntaries by inserting a requirement for additional “approvals from the centre” to be obtained via IFMS for example before a purchase can be made or an accrual or other journal entry posted.

Where such transactions are initiated by a voluntary organisation in the absence of available budget or similar, this will, where appropriate, be taken up post “close and reporting” as part of the normal performance management process.

The Committee recommended to the Board for approval a contract extension of the IFMS System Integrator for the completion of Stage II rollout to voluntary organisations, subject to the finalisation of commercials.

The Committee asked that Section 38 budget allocations be presented to the November Board meeting, and that an update be provided to the October Committee meeting in relation to Activity Based Funding.

Asst CFO & IFMS Programme Director left the meeting

9.5 2025 Controls Assurance Review Process

The Committee noted the update from the CFO in relation to progress for the 2025 Review of Effectiveness of System of Internal Control within the HSE – Controls Assurance Process (CARP) which covered: Controls Reporting; Eligible Scope Agreement; CARP coordinators for each SLT member; CARP Statements and Filter review; Management Controls Handbook; Training and supports; Communications; Progress Metrics; and the Mandated Process for eligible staff.

9.6 Update to existing Bank Mandate

The Committee reviewed and recommended to the Board for approval a Bank Mandate to remove and add a Main Signatory on the HSE bank accounts.

9.7 Procurement Compliance Self-Assessment Programme

The Committee noted the update from the CFO in relation to i) Q1 & Q2 2025 procurement compliance self-assessment returns completed as at 18 August 2025 and ii) Full & Final Report on 2024 Invoices Above €25k. The full year 2024 returns taken on 31st August 2025 achieved a return rate compared to the previous year of 100% versus 92.8% (by value) and an improved compliance rate of 91% versus 88%.

In relation to the 2025 update, A snapshot of the 2025 returns taken on August 18th 2025 shows by value a compliance rate of 95% and a return rate to date of 68% By comparison this reflects an increase in declared compliance of 5%, and a decrease in percentage assessed by value of 8%, for the same period last year. A further update re Q1- Q3 2025 will be available to the Committee for the December meeting.

AND Procurement left the meeting

9.8 Contract Approval Requests

The CFO and AND Procurement presented to the Committee the following Contract Approval Requests (CARs):

1. Biochemistry Managed Laboratory Service (MLS) for UHW, WGH, TUH and SLGH
2. Cervical Check Screening Programme Information Management System (IMS)
3. Supply of Enteral Feeding System
4. Provision and Support of a Home Peritoneal Dialysis Service
5. Temperature Controlled Supply Chain Management Services for Vaccines

The Committee considered the details of the proposed CARs and agreed to recommend to the Board for approval.

The Chair thanked the Committee and SLT members. The meeting ended at 13:40pm.

Terms of Reference: Audit and Risk Committee