HSE Audit and Risk Committee Meeting Minutes 22 March 2024

Members Present

Brendan Whelan (Chair), Fergus Finlay, John Moody, Éimear Fisher and Sharon Keogh

Apologies

Michelle O’Sullivan and Pat Kirwan

HSE Executive Attendance

Stephen Mulvany (CFO), Mairead Dolan (Asst CFO), Joseph Duggan (CIA), Patrick Lynch (Acting CSO), Trevor O’Callaghan (CEO Dublin Midlands Hospital Group), Dara Purcell (Corporate Secretary), Patricia Perry (Office of the Board)

Joined the Meeting

Peter Smyth (AND Capital & Estates)(Item 3), Colum Maddox (Asst CFO)(Item 4), Elaine Kilroe (AND Enterprise Risk Management)(Item 5), Tom Malone (AND IA), Cora McCaughan (AND IA)(Item 6).

Minutes reflect the order in which items were considered and are numbered in accordance with the original agenda. All performance/activity data used in this document refers to the latest information available at the time.

The Chairman held a private session to consider the agenda and papers and the approach to conducting the meeting.

2.1 Conflicts of Interest

No conflicts of interest were declared.

2.2 Minutes

The Committee approved the minutes of 19 February 2024.

2.3 Action Log

The ARC Action Log was noted.

2.4 Annual Report of Audit and Risk Committee 2023

The Committee approved its draft Annual Report 2023 which had been circulated in advance of the meeting.

2.5 Review of Committee Effectiveness 2023

The Committee reviewed feedback received and agreed seven actions for improvement.

Peter Smyth, AND Capital & Estates joined the meeting

3.1 National Children’s Hospital (NCH) Project and Programme Update

The CSO provided an update to the Committee in relation to the National Children’s Hospital (NCH) Project and Programme noting that a previous update was presented in February 2023 and October 2023 to the Committee.

He advised the Committee of the significant issues and risks with this large and complex programme particularly the significant challenges in securing time and cost certainty, effective performance from the contractor, and the CHI Integration and Operational Readiness Programme.

The Committee noted that the National Paediatric Hospital Development Board (NPHDB) are responsible for the design, build and equipping of the NCH, including monitoring Contractor progress on site, and that the HSE and the NPHDB have commenced discussions on the dissolution of the NPHDB.

The Committee outlined their concerns but noted that both the HSE Board and the ARC had no accountabilities for the NCH, but that this would change at the next stage and discussed the operational and governance accountabilities, for which the Children’s Hospital Ireland (CHI) will be responsible for.

The CRO advised the Committee that the HSE has implemented two substantive additional measures in 2024 to provide a greater level of assurance over CHI’s programme. This includes commissioning an external assurance review by an international expert, Prof. Melvin Samsom supported by KPMG, and establishing a dedicated HSE Integrated Assurance Group chaired by Prof. Mary Day, to specifically focus on supporting the CHI programme. A further update will be brought to the Committee once the external assurance review is completed.

3.2 Building Properties and Contracts

The AND Capital & Estates presented the following proposed contract to the Committee.

The Committee held a discussion in relation to the tender value, contingency figure and costs versus estimated costs of the contract, and agreed to recommend to the Board for approval with the addition of a section more clearly describing the associated risks and contingency.

The Committee queried previous tenders received relating to PPP and the cost per bed, and it was agreed that the CSO would provide the information to the Committee.

P Smyth AND Capital & Estates left the meeting.

Colum Maddox, Asst CFO joined the meeting.

4.1 YTD Expenditure and 4.2 Health Budget Oversight Group (HBOG)

The CFO advised the Committee that the Fórsa industrial action had substantially delayed the close out of 2023 reporting, and that a single final commentary covering the period September to December 2023 was on track for completion by the week beginning 25th March 2024. He advised the Committee that there were implications for commencement of 2024 reporting, and the Committee noted the expected timelines for the first quarter reporting for 2024.

The Committee noted that the draft revenue I&E financial position before supplementary and first charge at the end of December 2023 shows a YTD deficit of €1,520.5m or 6.8%, of this €95.4m is driven by the impact of COVID-19 with the remaining €1,425.0m relating to core activity.

This core variance includes a net deficit of €970.1m in Acute Operations, €217.8m in Community and €323.9m in Pension and Demand Led areas which is slightly offset by a surplus of (€86.8m) in Other Operations / Support Services.

The Committee noted that there have been two HBOG meetings held so far in 2024, and that a proposal for the 2024 process was that a high level meeting would be held once every quarter in order to ensure that a more strategic discussion on expenditure and staffing control and longer term issues would be held. The CFO advised the Committee that a discussion was held regarding the backlog of financial reporting, and that a joint DPER/DoH/HSE reporting schedule would be put in place for 2024, which is expected to be finalised before the end of March. Employment levels and the status of the Public Number Strategy 2024 was also discussed at HBOG and the plans to address financial challenges including agency and agency conversion.

4.2 Draft Annual Financial Statements (including draft SIC) / Significant Accounting judgement areas / Management update on C&AG Audit progress

The Asst CFO presented to the Committee the draft Annual Financial Statements (AFS) for review. The Committee noted that these draft AFS have been submitted to the C&AG and to the Department of Health and the Department of Children, Equality, Disability, Integration and Youth on 11 March 2024 and will be presented to the Board for adoption at its meeting on 27 March 2024.

The Committee noted that the Draft AFS 2023 reports the Revenue I/E Deficit of €645.2m (including supplementary and first Charge from 2022 of €185.2m) and Capital I/E Surplus of €138.6m.

The Committee discussed the Statement of Internal Control (SIC), noting that the HSE has conducted a review of the requirements of the DPER Code to ensure that the SIC is compliant with same. On the basis of that review the Committee were advised of amended wording in the conclusion which was deemed more appropriate in that context. The Committee agreed that this wording is the most appropriate in the context of the SIC to be presented to the Board.

The Committee were advised that the audit is on-going and the accounts will not be considered final until the audit has concluded and any material changes that may arise have been considered and actioned. It is expected subject to the progression of the C&AG audit that the final draft will be brought to the EMT, ARC and the Board in May and any material changes to the AFS and disclosures will be explained.

The Committee agreed to endorse the draft AFS including SIC for onward submission to the HSE Board for consideration and adoption.

The Committee thanked the CFO, Asst CFO and team for all the hard work in the preparation of the AFS’s and agreed to send a communication of appreciation.

4.3 Integrated Financial Management and Procurement System (IFMS)

IFMS Update

The CFO presented to the Committee an update in relation to the significant challenges relating to invoice processing for Implementation Group 1 (IG1), which was previously discussed by the Committee at its meeting on 13 October 2023. The Committee noted the measures for achieving a steady state for invoice processing which had been identified, with target metrics put in place to be achieved initially for Fit Validation with IG2 and IG3 in April 2024, and then incrementally, until overall steady state is achieved in IG1 by 30 June 2024.

The Committee welcomed that Finance Shared Services and all service areas have achieved month on month improvements in invoice processing, noting that the key to achieving the steady state was the elimination of non-compliant procurement practice, and recent targeted communications to suppliers is expected to assist in further reducing the number of invoices being received without a valid IFMS Purchase Order, and other documents not valid for IFMS processing. Additional VIM enablement training continues to be made available to IG1 staff.

Change Control Note – IFMS System Integrator Contract

The CFO presented to the Committee a paper seeking the approval of the Change Control Note (CCN) to the IFMS System Integrator contract for SAP Implementation Support for a new Integrated Financial Management System for the HSE.

He advised that the CCN falls within the scope of the provisions under Article 72 Directive and at €19.9m (33.5%) does not exceed 50% of the value of €59.4m of the original contract. The Committee noted that the Head of Procurement has confirmed that the contract extension complies with the applicable Public Procurement rules.

The Committee held a discussion in relation to the CCN, relating to the performance of the contractor, the capacity of the HSE to manage and lessons learnt from the first roll out of IFMS, and agreed to recommend to the Board for approval.

Committee member Fergus Finlay; CFO, T O’Callagan, C Maddox left the meeting at 10.55am.

E Kilroe, AND Enterprise Risk Management joined the meeting at 11.05am.

5.1 Corporate Risk Register 2024

The CRO presented to the Committee the Corporate Risk Register (CRR) 2024, for consideration and further comment. The Committee considered the CRR presented and provided feedback to the CRO and AND Enterprise Risk Management, which would be incorporated and brought back to the Committee to be recommended to the Board for consideration at its meeting in April 2024.

5.2 Enterprise Risk Management

Awareness and training

The AND Enterprise Risk provided the Committee with an update of the engagement and training programme associated with the roll-out of the Enterprise Risk Management Policy and Procedures in 2023, and of the priority in 2024 for further development and delivery of training and enhanced communications in relation to risk.

The Committee welcomed the engagement and training programme and welcomed that Risk Management is becoming embedded in the different layers of the organisation which represents good progress over recent years.

Regional Structures – verbal update

The CRO provided an update to the Committee in relation to the position of Risk Management within the Health Regions. He advised that the final design of Regional Executive Officers Management Team has not been completed as yet and that ongoing discussions are taking place with the National Director Health Regions Programme.

The CRO advised the Committee that he will be taking over a new role in the coming months, as National Director Performance & Planning and Mr Joe Ryan will take on the role of the CRO.

E Kilroe, AND left the meeting.

5.3 Protected Disclosures

Statutory Report

The ND Governance & Risk noted that the Committee had approved the submission of the Statutory Report 1 to the Minister of DPER by 01 March 2024 at its meeting in February 2024. He advised that the requirement for a second report, Statutory Report 2 to the Minister of DPER, was advised to the HSE after the February ARC meeting, and which must also be submitted to the Minister. He outlined that Statutory Report 2 (the form for Prescribed Persons under the Act), relates to the HSE as a ‘suitable person’ under the Act to whom the Office of the Protected Disclosures Commissioner (OPDC) transmits disclosure reports. The Committee noted that DPER had acknowledged the short notice of the requirement in the context of the inaugural year of these new reporting requirements, and noted that both statutory reports (1 & 2) were in compliance with the deadline, and submitted to the Minister by 01 March 2024 and published by the HSE by 31 March 2024.

Annual Report 2023

The Committee noted the Protected Disclosures Annual Report 2023, which is a more detailed report and fulfils the statutory obligation to publish a statement confirming that the HSE has internal reporting channels in place, which once approved would be published by the statutory deadline of the 31 March 2023 and included in the HSE’s Annual Report 2023.

National Office for Protected Disclosures Report for January – December 2023

The ND GR presented to the Committee the NOPD Report for January – December 2023, which is a more detailed biannual report on protected disclosures activity in the HSE.

The Committee noted that there were 98 reports submitted to the HSE in 2023, and all were assessed, with 49 being valid protected disclosures within the meaning of the Act, with 32 closed in the period and 3 reports under assessment in the NOPD at year end. 15 out of the 49 valid disclosures were received anonymously, and as a result of an anonymous protected disclosure and following subsequent investigation and negotiation, the HSE recouped €3.7 million in overpayments from an agency staff supplier.

The Committee discussed the reduction in open legacy protected disclosures, noting that the HSE received 366 reports between 2017 and 2022, with 68% of reports closed prior to 31 December 2022, and 117 remained open on 01 January 2023. The Committee welcomed that as of 31 December 2023 this figure was reduced to 23 that remained open, and with the 49 additional protected disclosures opened in 2023, 32 of which are closed, there was a total carryover of 40 open protected disclosures into 2024. The Committee acknowledged and welcomed the work completed by the NOPD to close out such a high proportion of cases.

6.1 Internal Audit Annual Report 2023

ANDs IA T Malone and C McCaughan joined the meeting.

The Chief Internal Auditor (CIA) presented to the Committee the Annual Audit Opinion 2023 which documents the overall audit opinion of the CIA. He informed the Committee that based on the results of internal audit work completed during 2023, that Limited assurance can be provided in respect of the governance, risk management and control systems operating in the subject areas audited and outlined the reasons for his opinion, which were included in the report.

He advised that sufficient and appropriate audit procedures had been conducted and evidence gathered to support the accuracy of the conclusions reached and contained in the report. The conclusions were based on a comparison of the situations as they existed at the time against the audit criteria, and that the conclusions are only applicable to the HSE, and not of funded agencies.

The Committee discussed the report presented noting the good progress on actioning of Audit Recommendations and the modest improvement of the Audit Ratings. The Committee outlined its aspiration for 2024, that is, for an improvement in the ratings but accepted that while it should continue on an upward trajectory, the improvement will unlikely be dramatic. The CIA advised the Committee that an Access and Cooperation Escalation Protocol, which came out of the ARCs request for escalating instances of audit delays or non-cooperation and dealing with long overdue actions will be brought before the ARC at its April meeting.

6.2 Internal Audit Monthly Report - verbal

The CIA provided an update to the Committee in relation to the IA Strategic Review and Industrial Relations, and advised that he had recently met with Fórsa and staff representatives along with the AND National Employee Relations. At the request of the ARC, he also held a discussion with the CEO.

6.3 ICT Auditing Update - verbal

Further to a request from the Committee at its meeting in December 2023, the CIA provided an update in relation to the tender for an outsourced ICT audit provider. He advised the Committee that responses had been received and evaluated, and Mazars, the current provider was the successful tenderer. This will also have the benefit of continuity of service provision, and they have been appointed for 2 years commencing in April.

The CIA advised the Committee that in-house resourcing of ICT and data analytics capabilities is being considered, and he should have clarity as the HSE Centre functional design is progressed, and will provide further update to the Committee at a future meeting.

ANDs IA left the meeting.

There was no further business.

The Chair thanked the Committee and EMT members. The meeting ended at 12:30pm.