HSE Audit & Risk Committee Meeting Minutes 14 April 2025

Members Present

Yvonne Traynor (Chair), Anne Carrigy, Michael Cawley, Pat Kirwan, Éimear Fisher and John Moody

Apologies

Sharon Keogh

HSE Executive Attendance

Joseph Duggan (Chief Internal Auditor), Stephen Mulvany (Chief Financial Officer), Mairead Dolan (Asst Chief Financial Officer), Brian O’Connell (ND, Head Strategic Health Infrastructure & Capital Delivery), Joe Ryan (ND Public Involvement, Culture and Risk Management/Chief Risk Officer), Tony Canavan (REO West North West), Dara Purcell (Corporate Secretary), Patricia Perry (Office of the Board)

Joined the Meeting

Anne Marie Hoey (Chief People Officer), Elaine Kilroe (AND Enterprise Risk Management), Hugh Brady (Assistant National Director of HR, Corporate Compliance & Resource Optimisation), Karen Loughrey (General Manager, HR Pay Assurance Unit), David Langton (AND Central Compliance Function)

Minutes reflect the order in which items were considered and are numbered in accordance with the original agenda. All performance/activity data used in this document refers to the latest information available at the time.

The Chairperson held a private session to consider the agenda, papers and the approach to conducting the meeting.

2.1 Conflicts of Interest

No conflicts of interest were declared.

2.2 Minutes

The Committee approved the minutes of 07 March 2025.

2.3 Action Log and Follow Up Items

The Chair advised that she had reviewed the ARC Action Log with the Board Office and all actions were being progressed as per the Update Report.

2.4 Matters for Noting

The Committee noted the briefing note regarding the Acute Mental Health Unit (AMHU) at Cork University Hospital, and asked that it be forwarded to the Performance Committee.

3.5 YTD Expenditure incl. Non Pay Savings 2025

The CFO provided a briefing to the Committee on the YTD Financial Position as at 28 February 2025, noting that the HSE is over the overall expenditure budget by €65.3m / 1.5%, (€42.3m Department of Health (DoH) and €22.9m Department of Children, Disability and Equality (DCDE)). He advised that within that the Health Regions are over their respective expenditure budgets by €150.3m / 5.5%, offset by a surplus at the centre of (€85.0m).

He advised that there is now a requirement to commence tracking and reporting against specific initiatives within regional and national savings plans, and that each region and any national areas at risk of deficit in 2025, share savings initiatives by 16 April 2025. Per initiative these plans should show spend per month to end 2025 without the initiative, amount to be saved and residual spend each month to end 2025 by implementing the initiative, along with summary of the actions that will deliver the saving and how it will be reported on.

The CFO advised in relation to the cash position at the end of March which shows the HSE has drawdown €6,809m which was €113m over profile, and has applied for a cash acceleration of €115m (DoH €95m and DCDE €20m).

In relation to non-pay savings, the CFO referred to his previous paper of 27 February 2025 regarding the initial non-pay savings initiatives being co-ordinated by National Finance and Procurement Division and outlined to the Committee more details with regard to the tracking of the actions. The Committee requested that more details and the target for full year savings be brought back to the May meeting.

3.1 Health Budget Oversight Group (HBOG) Minutes

The Committee noted the minutes of HBOG dated 09 April, 06 May, 23 July, 12 November and 16 December 2024. The Committee referred to the minutes of 16 December and asked what lessons have been learned from the Estimates process, to which the CFO agreed to revert.

3.2 Procurement Compliance Self-Assessment 2024 – Full Year Update

Further to the update presented at the February 2025 meeting and following an independent verification exercise, the CFO presented a paper outlining the Procurement Compliance Self-Assessment returns for the full year of 2024 based on data received as of 31 March 2025,

which recorded an improved return rate compared to the previous year of 96.9% versus 92.8% (by value) and an improved compliance rate of 91% versus 88%. It was noted that considerable progress has been made since 31 March 2025 with respect to outstanding returns which will be reflected in the final report, and that the Procurement Assessment Compliance Tool (PACT) system will remain accessible for end users to continue to make returns to reach a target 100% return rate.

The Committee discussed the reasons for non-compliance with procurement processes and preventative actions available to ensure improvement, including the full roll out of IFMS, and the internal control governance that is required. It was agreed that a paper would be circulated to the Committee outlining the reason codes.

3.3 Controls Assurance Review Process (CARP) – Update on completion rate

The Committee were presented with a further update in relation to the 2024 Controls Assurance Review Process (CARP). The CFO advised that since the update provided at the February 2025 meeting, a supplementary process was developed and ran for a period of 3 weeks, with the support of the SLT, which resulted in a further 667 staff completing the process, achieving 67% participation rate compared to 58% as outlined to the Committee previously. The Committee highlighted the need for support to continue to assist the SLT in closing off the 2024 process, in particular with respect to fulfilling the 100% participation objective, progressing action plans to address issues highlighted as non-compliant and the issuing of quarterly control updates as part of the controls management reporting process.

The Committee discussed the level of participation in some areas, and outlined the critical importance of staff awareness relating to the implementation of obligations relating to Children First.

The Committee discussed the key requirements needed for the 2025 process including a review of the eligible scope, which will include agreement with SLT & unions, where relevant, and mandate participation for the agreed scope.

3.4 Contract Approval Requests

The CFO presented to the Committee the following Contract Approval Requests (CARs).

The Committee considered the details of the proposed CARs and agreed to recommend to the Board for approval.

CIO joined the meeting

The CIO presented to the Committee the following Contract Approval Request

The Committee considered the details of the proposed CAR and requested further information in relation to a cost risk assessment. The Committee agreed to recommend to the Board for approval.

3.6 Controls Environment

The CEO’s memorandum of 23 March 2025 was noted, and the CFO provided an update to the Committee in relation to Spend Approval Levels and Duplicate Payments.

The CFO referred to a previous briefing paper with regard to Spend Approval Levels, which had informed the CEO’s proposal to the Board at its meeting on 28 March 2025, which set out a summary of the issues and provided an understanding of the risks and opportunities. He advised that the CEO’s proposal had been accepted by the Board and is now being actioned with REOs and a set of next steps and timelines are being agreed. The CFO and REOs will then submit the proposed revised expenditure approval levels to the Committee for consideration and endorsement at a future meeting.

The CFO provided an update in relation to Duplicate Payment, which is a key risk that the overall system of internal controls in the Purchases to Pay (P2P) process area is seeking to mitigate and outlined the main causes of duplicate payments, process controls to prevent duplicate payments and the IFMS P2P Lifecycle checks and controls.

The Committee discussed creditors reconciliations and their use in avoiding the risk of paying twice for the same service. The CFO advised that once the IFMS roll out is completed, IG3 go-live on 01 July 2025, the issue of creditors reconciliations will be reviewed and an evaluation of cost benefit, with a further update to be brought back to the Committee in September 2025. In the interim, the CFO advised the Committee that Financial Shared Services are working on developing a report to allow a search for potential duplicate payments across all of the existing financial systems, within threshold of €2,000 / €5,000.

The Committee discussed segregation of duties by staff when ordering products and highlighted the need for a 2 person approval process and requested that an update in relation to the number of staff in each grade who can order products as well as the number of transactions over €100,000 be brought back to the Committee.

The Committee discussed the issue where service users are unable to make payment other than by cheque, and the CFO advised that a communication has issued to the system in relation to a process to be put in place to enable card payments at time of service provision.

4.1 Internal Audit Monthly Report

The Committee noted the update provided by the Chief Internal Auditor (CIA) in relation to Industrial Relations issues.

4.2 Review of Open Internal Audit Recommendations and 4.3 Internal Audit Overdue Recommendations

The CIA advised the Committee that Internal Audit has reviewed all open recommendations as at 31 December 2024 from 2022 and 2023 to identify factors contributing to delays, and opportunities to improve the position. Of the 220 open recommendations, Internal Audit identified that a significant number reported as “In Progress” could be deemed implemented. Of 110 possibilities for closure based on Internal Audit’s review, it was agreed with recommendation owners that 106 should be closed. It was noted that this will be reflected in status reports for Quarter 1 2025. The review also noted deficits in the provision of regular quarterly status reports to Internal Audit. The CIA advised that when status updates are not being provided, there can be little assurance that the recommendations are being progressed, and that it is the responsibility of management to provide these updates.

The Committee discussed the status of open recommendations in the regions, and the REO West North West noted that with the appointment of audit liaisons in each Region, engagement with Internal Audit is expected to improve.

The Committee requested that the CIA highlight a specific area where there is a particular issue with delayed responses, and a request will be made to management to attend a Committee meeting to explain the overdue recommendations in the area of their control, where the delay poses an increased risk, and to address the reasons and planned action.

4.3 Internal Audit Reports re Payroll – verbal update

The CPO introduced Mr Hugh Brady, AND HR - Corporate Compliance & Resource Optimisation, and Ms Karen Loughrey, GM Human Resources Pay Assurance Unit (HRPAU), to the Committee and were provided with an overview of the HRPAU, noting the main objectives of the Unit.

The current status of pay related overpayments for 2022, 2023 and 2024 were outlined to the Committee along with a breakdown of new overpayments by reasons for January 2024 – December 2024, and the Committee discussed the causes of pay related overpayments and noted the HPRAU’s approach.

The Committee were provided with an update in relation to risks identified with regard to two IA reports: Suspected Irregularity Regarding Payroll CHO3 HSE Mid-West and CHO4 HSE South-West, HSE Weaknesses; and Recommendations Report AND Management of National Payroll (Pay Related) Overpayments, which the Committee had reviewed at the March meeting.

The Committee discussed HR processes outside of the HSE, relating to voluntary agencies who were not included in the audits, and it was agreed that the HRPAU would provide a further update on the progress to controls improvement later in the year.

The Committee discussed overpayment figures presented in a recent press article and requested a reconciliation between the figures in the article and the HSE figures.

The Committee were provided with an update in relation to regional structures for Workplace Health and Wellbeing.

Brian O’Connell, ND, Head Strategic Health Infrastructure & Capital Delivery joined the meeting

5.1 Reportable Property Transactions under Delegated Authorities Q2 2024 – Q4 2024

On foot of a request from the Committee at the February meeting and as outlined in the CEO memo of 23 March 2025, the ND, Head Strategic Health Infrastructure & Capital Delivery (ND SHICD) provided a report to the Committee in relation to the reportable property transactions under delegated authorities from Q2 2023 to Q4 2024, noting the processing of 100 transactions by the National Director of Capital & Estates.

The Committee reviewed the paper presented and agreed that:

1. Transactions up to €2m (excl VAT) will continue to be approved by the ND SHICD, with retrospective reporting to the Committee on quarterly basis.
2. Individual Property Papers will be brought for approval to the Committee for each transaction with value between €2m to €10m (excl VAT) prior to entering into any contractual commitments.
3. Nominal property disposals (freehold and leasehold) at nominal value to Charities, Approved Housing Bodies or Local Authorities, will be approved by ND SHICD, with retrospective reporting to the Committee on quarterly basis.
4. Transactions previously considered by the Board will continue to be brought as individual Property Papers to the Committee and Board for approval.

The Committee asked if there is an unusual transaction under €2m that it be brought to the Committee’s attention.

5.2 Building Contracts & Properties

The ND, Head Strategic Health Infrastructure & Capital Delivery presented to the Committee the following contract.

The Committee considered the details of the proposed contract and agreed to recommend to the Board for approval.

The ND SHICD provided an update to the Committee in relation to progressing the steps being taking in relation to disposing of HSE vacant property.

Elaine Kilroe, AND ERM and David Langton, AND Central Compliance Function joined the meeting

6.1 HSE Risk Appetite Statement 2025

Further to a request by the Committee in November 2024 that a comprehensive review of the Risk Appetite Statement (RAS) be undertaken in 2025, the CRO presented the draft HSE RAS 2025. He advised the Committee that the draft RAS was informed by a consultation process, which involved a survey to the SLT, the Corporate Risk Support Team (CRST), and key stakeholders, to assess their agreement with the proposed risk appetite levels. It was noted that a key premise of the update to the risk appetite levels is that each appetite level has been informed by the content of the National Service Plan 2025 and current draft Corporate Plan.

The Committee considered the draft RAS 2025 and agreed to recommend to the Board for approval, and noted the importance of the narrative when communicating the RAS to the system.

6.2 Risk - Treatment in HSE Annual Report 2024

The Committee noted the draft Risk Management report which is to be included in the HSE Annual Report 2024, and queried the in-depth information included in the report and the possible redaction of cyber security. The CRO advised that he would engage with the Planning Team.

6.3 Principle Compliance Obligations Register and associated metric reporting – Q1 2025

The AND CCF presented the updated Principle Compliance Obligations Register (PCOR) and associated metrics report which had been requested at the March meeting. He advised that a workshop was held at the SLT meeting on 01 April 2025, with SLT members committing to assessing data issues to enable further key obligation inclusion and monitoring on the PCOR going forward.

The Committee noted the 12 obligations listed on the register with an associated metric to demonstrate compliance, with the alignment to the CRR principal risks.

The Committee discussed obligations including mandatory training in children first, public procurement guidelines and Open Disclosure.

6.4 National Records Retention 2024 - update

The Committee noted the update in relation to the implementation of the National Records Retention policy 2024.

AND Enterprise Risk Management and AND Central Compliance Function left the meeting

There was no further business.

The Chair thanked the Committee and SLT members. The meeting ended at 18.30.

Terms of Reference: Audit and Risk Committee