HSE Audit and Risk Committee meeting minutes 6 September 2024

Members Present

Brendan Whelan (Chair), Michelle O’Sullivan, Pat Kirwan, John Moody, Éimear Fisher and Sharon Keogh

HSE Executive Attendance

Stephen Mulvany (Chief Financial Officer), Mairead Dolan (Asst Chief Financial Officer), Tom Malone (Asst ND Internal Audit), Joe Ryan (ND Public Involvement, Culture and Risk Management/Chief Risk Officer), Niamh Drew (Deputy Corporate Secretary), Patricia Perry (Office of the Board)

Apologies

Joseph Duggan (Chief Internal Auditor), Trevor O’Callaghan (CEO Dublin Midlands Hospital Group)

Joined the Meeting

Francis Mollen (Acting ND Procurement)(Item 3.4), Elaine Kilroe (AND Enterprise Risk Management)(Item 4), David Langton (Asst ND Central Compliance Function)(Item 4), Patrick Lynch (National Director Planning & Performance)(Item 6), Brian O’Connell (Interim ND Capital & Estates)(Item 6)

Minutes reflect the order in which items were considered and are numbered in accordance with the original agenda. All performance/activity data used in this document refers to the latest information available at the time.

The Chairman held a private session to consider the agenda, papers and the approach to conducting the meeting.

1.1 Brief of Board Meeting – 26 July 2024

The Chair provided the Committee with an update of discussions held at the HSE Board Meeting of 26 July 2024.

1.2 Brief Review of Audit and Risk Committee

The Committee reviewed its activities since April 2023.

2.1 Conflicts of Interest

No conflicts of interest were declared.

2.2 Minutes

The Committee approved the minutes of 12 July 2024.

2.3 Action Log and Follow Up Items

The Chair advised that he had reviewed the ARC Action Log with the Board Office and all actions were being progressed as per the Update Report.

2.4 Matters for Mention

1. ARC Risk Workshop of 25 January 2024 - Status of actions.

The Committee noted the paper circulated, and it was agreed that once the new Board Committees are agreed, the Committee Chairs will agree a schedule of risk reviews as part of the annual work plans.

3.1 YTD Expenditure and projection to Year-end

The CFO provided a briefing to the Committee on the Financial Position as at 31 July 2024. He advised that in relation to the Supplementary Funding of €1.702bn received from the Department of Public Expenditure NDP Delivery and Reform and the Department of Health in June, and in line with the memorandum issued by the CEO on 16 July 2024 following national and regional engagements, I&E expenditure limits had been implemented system wide. He advised that full compliance by all members of the HSE Senior Leadership Team with the expenditure limits is required and savings need to be achieved in order to operate within the limits, while delivering fully on planned activity levels as set out in the National Service Plan 2024 and the Waiting List Action Plan and Urgent and Emergency Care Plan.

The Committee noted that the current cash projections to 30 September 2024 indicate that expenditure measures within the Health Regions are having limited effect on the cash demands of the HSE, whilst also failing to have impact on the achievement of the Regions I&E expenditure limits to 31 July 2024. It was noted that it is now estimated that by end September 2024 the HSE will have drawn down €1.615bn of the proposed maximum €1.702bn Supplementary funding from Department of Health, which would leave €87m of additional funding available for the remaining 3 months of 2024.

The CFO advised the Committee that National Schemes / National Services and Corporate areas had offset the overspend against limits in the Regions, however this is not expected to continue to year end and was a temporary offset to 31 July 2024. As at July a total of €317.6m of savings will need to be achieved by Health Regions by end of year in order to achieve their expenditure limits, which compares to an original savings target for Health Regions of €220.1m.

The Committee noted that the HSE Capital Plan has July YTD expenditure of €506.7m against a YTD budget profile of €419.3m leading to a negative variance against profile of €87.4m or 20.8% with the main driver being the National Children’s Hospital over profile by €48.9m.

The Committee noted the update and outlined their concerns that if not addressed successfully, it would be significant in respect of the reputation and credibility of the organisation. They outlined that further controls in non-pay would be required to achieve the expenditure control targets, and provided their support to the CFO in the efforts being made to address these issues.

The CFO advised the Committee that the CEO and the SLT were scheduled to meet in the afternoon and a further update would be brought to the Committee meeting in October.

3.2 Health Budget Oversight Group (HBOG)

The Committee noted the update in relation to the Health Budget Oversight Group meeting of 23 July 2024.

3.3 Controls Assurance Review Process (CARP) 2024

The Asst CFO provided an update of the Plan for the Control Assurance Review Process (CARP) 2024 and the Committee welcomed that it is underway and was reporting to be on schedule.

The Committee will monitor the execution of the CARP Plan, noting that it was an important project. The Committee highlighted their concerns in relation to compliance culture in the HSE and of the importance for an improvement in this area. The Committee requested further metrics and trends be included in a status update which will be brought back to the Committee meeting in December 2024.

3.4 Contract Approval Requests

The Acting ND Procurement presented to the Committee the following Contract Approval Request (CAR).

• cleaning services for HSE Health facilities Galway

The Committee considered the detail of the proposed CAR and agreed to recommend to the Board for approval.

4.1 Corporate Risk Register Q2 2024

The Chief Risk Officer (CRO) presented to the Committee the Q2 2024 Corporate Risk Register (CRR) Report. The Committee noted the 10 Open risks and 7 Watched risks on the Register, of which 3 Open risks were rated High, 7 Open risks rated Medium, and that there was no movement in residual risk ratings between Q1 2024 and Q2 2024. It was noted that a key development in Q2 is the inclusion of initial reporting of metrics of ‘Open’ risks that will accompany the CRR, and that these metrics will continue to be established in line with the 2024 Board Strategic Scorecard and other relevant reports.

The Committee noted the interim arrangement of risk ownership that is in place since 01 June 2024 for risks currently recorded against a role that did not form part of the new structure. These risks will continue to be monitored by the relevant Corporate Risk Support Team (CRST) member and Risk Management Lead. The SLT are to review and identify an SLT owner and initial engagement occurred with the Regional Executive Officers and the Chief Risk Officer on 06 September 2024.

The Committee held a discussion relating to risks R001 Delivery of Care, R005 Financial Management, R007 Cyber Security, W005 Health and Wellbeing of the Workforce, noted the key actions to reduce risks. The Committee queried compliance of third parties with the Digital Operational Resilience Act (DORA), and it was agreed that the CRO would discuss with the CTTO.

The Committee discussed the engagement of Section 38 agencies, and the ability of the REO to have a clear visibility of risks in these agencies. It was noted that there is some engagement with the agencies, and that the CRO and AND Enterprise Risk Management (ERM) would review further.

4.2 Risk Framework Assessment Update

The AND ERM provided to the Committee a high level summary assessment of the risk management framework of the organisation. She advised that an assessment had previously been carried out by a review of the HSE’s risk management system in 2019, and the components of this assessment were used to demonstrate the current level of development of the risk management framework, and presented the HSE Risk Framework Maturity Assessment comparison between 2019 to 2024.

The Committee noted that the assessment related to the corporate level of the organisation only, and that further maturity assessments outside of this level will be developed in due course.

4.3 Moody Review Update

The ND Public Involvement, Culture and Risk Management (PICRM) provided the Committee with an update on the recommendations proposed by the review of the HSE’s risk management framework which was carried out in July 2021 by John Moody, and outlined the 50 recommendations grouped into three themes of Risk governance, Building risk capability and capacity, and Risk management process. The Committee noted that many recommendations were contingent on the establishment of the Enterprise Risk Management (ERM) team and policy, and that the recommendations continue to inform the work programme of the ERM unit.

The Committee welcomed the update and the progress made, and asked that an anticipated target date be considered for those recommendations that are not complete. It was agreed going forward that the ERM team would consider the development of a new strategic plan for the unit which would be informed by those recommendations.

4.4 Central Compliance Function Implementation Plan

At the July 2024 Committee meeting, an overview was provided on the work undertaken by the AND Central Compliance Function (CCF) to date and next steps, and a request was made by the Committee for the draft multi-year implementation plan which had been developed by the CCF.

The AND CCF presented to the Committee the plan which included the development of the compliance framework, compliance improvement plans, an annual compliance monitoring plan, the establishment of a Compliance Obligations Register for the HSE, stand-alone compliance reporting and the provision of compliance training going forward.

The Committee noted that the adequate resourcing of the CCF continues to be an identified risk at present. The resourcing of the National Office of Protected Disclosures (NOPD) is being progressed at present to mitigate the risk. One position has been filled since the July update, with a further position at offer stage. Once filled the current NOPD assigned resources will be facilitated to return to the CCF to enable progression on the next steps of the Compliance Project.

It was noted that implementing the Compliance Framework Future Operating Model represents a significant change to the way in which the HSE manages compliance activity across the organisation, and the achievability of implementing the Framework will be dependent on a significant organisational commitment.

The Committee requested that a paper be brought forward at the November meeting, which would outline the different functions in the HSE in the risk/compliance space and how they all relate to each other, and it was agreed that Compliance Reports and updates would be included on the Committee Workplan on a quarterly basis.

5.1 Internal Audit Activity Report Q2 2024

The Asst ND Internal Audit provided a report to the Committee regarding Internal Audit activity, which assists the Committee in discharging its responsibilities to oversee and advise on matters relating to the operation and development of the HSE’s Internal Audit function. The report included information with regard to Audit Activity and Plan Status; Key findings from Audit Reports in Q2 2024; Implementation of audit recommendations at 30 June 2024; National Performance Indicator; and open and overdue recommendations.

The Committee noted the update in relation to the Internal Audit Plan Status at 30 June 2024; with 26 audit reports issued in Q2 2024 and an outline of the key findings from 4 of those reports.

The Committee noted the moderate improvement in the audit ratings (Satisfactory, Moderate, Limited and Unsatisfactory), but highlighted their concern that circa 50% remain in the categories Unsatisfactory and Limited.

In relation to the implementation of audit recommendations, the Committee noted that the rolling trend for closure of recommendations was positive with 119 recommendations closed since Q1 2024, but that the timely closure of recommendations by agreed due dates remain an ongoing issue, which was reflected in the National Performance Indicator of 39% YTD.

5.2 Internal Audit Operating Model – update

The Committee approved the Internal Audit Strategy on a Page at the July meeting, which outlined the strategic considerations and direction of the Internal Audit function and the revised structure that supports it. The Asst ND Internal Audit provided the Committee with the update on the implementation progress, which included union and staff consultation, staff transition arrangements and ICT and planned advertisement of new roles.

The Committee discussed the ongoing Internal Audit Industrial Relations matter, and outlined their serious concerns relating to a timely resolution, noting that this matter has been ongoing and that successive attempts to resolve the issue has been unsuccessful. The Committee re-emphasised the potential risks relating to the ongoing non-cooperation of some auditors, the impact on the timely delivery of the Internal Audit Plan, and on the Committee’s ability to provide assurance to the Board. The Committee noted the Employee Relations plan to have it resolved this month, and requested a further update be brought to the October meeting.

The Committee discussed the plan for Healthcare audit to transition out of Internal Audit and proposed reconfiguration from central services by the Chief Clinical Officer and the Committee requested assurance that Healthcare Risk would be on an equal footing with Clinical Risk under the new arrangements.

6.3 Building Contracts and Properties

The National Director Planning & Performance and the Interim ND Capital & Estates presented the following proposed contracts to the Committee, who considered with close scrutiny the detail, and agreed to recommend to the Board for approval.

1. Contract Award for the Architect Integrated Design Team for the Elective Hospital Programme Phase 1.
2. Contract Award for the Project Controls Team for the Elective Hospital Programme Phase 1.
3. Contract Award for the construction of St. Josephs Community Nursing Unit [CNU] 43-bed extension Dublin road, Longford.
4. Contract Award for the construction of St Colman’s New 95 Bed Community Nursing Unit [CNU], Ballinderry Road, Rathdrum, Co. Wicklow.

The ND P&P advised the Committee that the paper relating to the construction of St Colman’s New 95 Bed Community Nursing Unit would be amended, prior to being submitted to the Board, due to the withdrawal of the first ranked contractor and move to the second ranked which the Committee noted.

The Committee asked for a paper to be brought forward to show the major capital programmes, their remit, relationships, strategy linkage, size and status, and queried the extent to which the additional running costs from the capital projects are factored into future ongoing expenditure commitments by the HSE. It was agreed that this matter would be considered at a future Committee meeting.

6.1 Capital & Estates Strategy - Update on progress

The Committee noted the update on progress in relation to the Capital & Estates Strategy, which is an essential enabler to providing the healthcare infrastructure to support current and future service needs.

The Interim ND Capital & Estates outlined that the strategy sets out a clear strategic direction for the future management and development of the estate, which seeks to achieve six strategic objectives. The Committee discussed the objective Developing our People and Capabilities, which is determined on the workforce capability and capacity required to deliver projects in support of healthcare services, and noted the update on the continued progress in relation to the 60 posts approved as part of the 2024 National Service, which includes two new Regional ANDs. The Committee welcomed the update in relation to the recruitment process for the National Director for Major Capital & Infrastructure, which will build capability at national level for both the planning and implementation of major infrastructure projects.

6.2 Update on Capital Plan 2024

The Interim ND Capital & Estates provided the Committee with an update on the Capital Plan 2024, and provided the breakdown of expenditure to the end of July 2024. The Committee noted that the overall expenditure compared with the profile position is €86.60m ahead of profile. Expenditure on the National Children’s Hospital to the end of April amounts to €162.09m, which is €48.88m ahead of profile, and expenditure on all other projects/programmes are ahead of profile by €37.72m due to the acquisition of Elm Park.

The Interim ND Capital & Estates outlined the impact of the NCH project on in year capital expenditure and noted that any changes to the expenditure will impact on the remainder of the HSE’s capital programme, including the Capital Plan 2025. He advised that monthly engagement continues with the National Paediatric Hospital Development Board to monitor progress with a view to taking early decisions to address either further slippage in the cash flow or a potential increased cash flow requirements.

The Committee noted that Capital & Estates are carrying out a Quarter 3 review of all projects on the Capital Plan to establish the projected out-turn in 2024 as well as the required allocation per project for 2025 and beyond, and quarterly updates with regard to any material adjustments and any significant Contract Awards and significant Property Acquisition will be brought to the Committee.

There was no further business.

The Chair thanked the Committee and SLT members.

The meeting ended at 1pm.