Procedure Number Version Nos:

Internal Audit Procedure WCDHB-PF-0013 4

1. Purpose
This Procedure outlines the process for internal audit which is to assist the West Coast District
Board (WCDHB) and its staff members in the effective discharge of their responsibilities and to
promote effective management and control at reasonable cost through the provision of
information with analysis, appraisals, recommendations and pertinent comments concerning the
activities reviewed.

2. Application
This Procedure is to be followed by all WCDHB members and staff members.

3. Definitions
For the purposes of this Procedure:
Internal Audit is taken to mean a managerial tool with its primary function being to measure
and evaluate the adequacy and effectiveness of internal control systems, including financial and
operational controls but excluding clinical and quality audits.

Internal Auditor(s) is taken to mean the person or person who are given the responsibility of
undertaken an internal audit. The Internal Auditor is to have no line responsibility or authority
over any of the activities reviewed, and is to have no responsibility or authority over any
WCDHB activities except to incur and approve expenditures in accordance with the agreed
internal audit plans and budgets.

4. Responsibilities
For the purposes of this Procedure:
Audit Committee is required to:
- oversee all aspects of this Procedure.

Internal Auditors are required to:

- undertake internal audits in an independent manner, in accordance with relevant Standards
and instructions from the Audit Committee;
- observe all requirements relating to privacy and confidentiality;
- provide a draft report to management for consultation
- ensure management comments are incorporated into or accompany the final report for the
Audit Committee

Management is required to:

- provide assistance (as and when required) to the Internal Auditors;
- provide feedback on the draft internal audit report;
- incorporate findings of the internal audit into operational activities (as and when required).

5. Resources Required

This Procedure requires no specific resources.

1
Uncontrolled Document – West Coast District Health Board
 Procedure Number Version Nos:
Internal Audit Procedure WCDHB-PF-0013 4

6. Process
1.00 Independence is essential to the effectiveness of the internal audit function. This
independence is to be achieved primarily through the reporting lines and objectivity.
Drafting policy and procedures, designing and installing operating systems are not internal
audit functions as they are likely to impair audit objectivity, and are to be excluded from
any activities undertaken by Internal Auditors.

1.01 Internal Auditors are to be given full access to any WCDHB records, properties, resources
and personnel as may be necessary to fulfill internal audit objectives and responsibilities.
Access to personal information will however be restricted in accordance with the
requirements of the Privacy Act (1993), the Health Information Privacy Code (1994) and
the Official Information Act (1982).

1.02 All information made available to Internal Auditors, by the WCDHB, its staff members
and/or other parties, is to be treated in the strictest confidence by the Internal Auditors.

1.03 The Audit Committee is responsible for approving and monitoring a three-year internal
audit programme, which should include:
i) Identification and prioritisation of audit areas;
ii) Risk assessments;
iii) Resource requirements;
iv) indicative scope for each review.

1.04 The internal audit programme is to be discussed with the Chief Executive Officer and
members of the executive management team before finalisation. In preparing the
programme, the Audit Committee are to be sensitive to the peak workload periods and
other sensitivities of operations to be audited.

1.05 The annual budgeted cost of the internal audit programme will be managed by the Chief
Financial Manager.

1.06 It is recognised that a three year audit programme will be indicative relative to the resources
required for each audit topic, as well as appropriate scope. Accordingly the final scope of
individual audit topics are to be set out in detailed workplans with the individual line
manager responsible for the audit topic. these workplans are to be copied to the Chief
Executive Officer or Chief Financial Manager as appropriate.

1.07 Where an audit topic differs from the agreed audit programme or the scope of an audit
topic varies considerably from that first indicated, then the audit topic is to be referred
back to the Audit Committee for approval.

1.08 Where the cost of an individual audit topic or the cumulative cost of topics exceeds the
indicative cost of the original audit programme by more than 10%, then this is to be
referred back to the Audit Committee for approval.

1.09 Variations in 1.07 and 1.08 may be approved directly by the Chair of the Audit Committee
and ratified at the Audit Committee’s next scheduled meeting. However, the Chair may
convene a special meeting of the Audit Committee to consider these variations.

2
Uncontrolled Document – West Coast District Health Board
 Procedure Number Version Nos:
Internal Audit Procedure WCDHB-PF-0013 4

1.10 The internal audit programme may include the review of any activity where it can be of
service to management as an independent appraisal activity and systems
assurance/evaluation. This may involve going beyond the financial and information
systems to obtain a full understanding of the operations under review, and may include the
following:
i) Financial, Statistical and Operating Information
a) Reviewing the reliability and integrity of financial, statistical and operating information
and the means used to identify, measure, classify and report such information.
b) Examining information systems and, as appropriate, ascertain whether financial,
statistical and operating records and reports contain complete, accurate, reliable and
timely information and that controls over record keeping and reporting are adequate
and effective.

ii) Significant Projects

a) From time to time the WCDHB may undertake significant projects involving new
systems or changes to existing systems. Internal audits may assist project teams and
steering committees by advising on systems development issues such as adequacy of
testing, documentation and controls.

iii) Economical and Efficient Use of Resources

a) Management is responsible for setting operating standards to measure whether
resources are being used in an economic and efficient manner. Internal audits can assist
management by determining and advising whether:
• Appropriate standards have been established to measure economy and efficiency.
• Established standards are understood by staff and are being measured correctly.
• Deviations from standard are identified, analysed and communicated by management to
those responsible for corrective action, e.g. under or over utilised facilities non
productive work procedures which are not cost effective over or under staffing.
• Inadequate physical security or safety measures.
• To identify if corrective actions has been taken.

iv) Chief Executive Officer Requests

a) The internal audit function can be required to complete special reviews requested by the
Chief Executive Officer. Reporting on these reviews will be directly to the Chief
Executive Officer. Internal audits may also investigate and report on instances of
suspected fraud at the Chief Executive Officer's request.

1.11 The Internal Auditor may also be required to follow up on previous internal audit findings,
recommendations and agreed actions.

1.12 The Audit Committee will appoint an Internal Auditor(s) for the audit activities contained
within the internal audit programme. The Internal Auditor is to have no line responsibility
or authority over any of the activities reviewed. The Internal Auditor may also be an
external contractor. The appointment is to be in writing with the Audit Committee
providing the Internal Auditor with an audit plan and budget, outlining the specific
requirements for the internal audit.

3
Uncontrolled Document – West Coast District Health Board
 Procedure Number Version Nos:
Internal Audit Procedure WCDHB-PF-0013 4

1.13 The Internal Auditor is to have no responsibility or authority over any WCDHB activities
except to provide audit reports and recommendations regarding WCDHB activities that
have been audited in accordance with the agreed Internal Audit Plan and budgets.

1.14 The Internal Auditor is to report directly to the Audit Committee. In addition, it is
expected that the Internal Auditor will report in person to the Chief Executive Officer on a
regular basis or where, for example, a significant issue, risk or breakdown in control has
arisen and been identified.

1.15 On completion of the audit, the Internal Auditor will discuss draft report findings and
recommendations with the auditee(s). The auditee(s) will have a maximum of 10 working
days to respond and clear the draft report prior to circulation to senior management.
Every effort will be made to ensure all matters of factual content are resolved at this time.
Where appropriate, the reports will acknowledge satisfactory performance as well as
corrective action taken.

1.16 A written draft report will then be issued promptly by the internal auditor to the Chief
Executive Officer.

1.17 Management have one calendar month (30 working days) from receipt of the report to
provide the internal auditor (via the Chief Executive Officer) with a formal written
response to the internal audit findings and recommendations including timeframes for any
corrective actions. Non-receipt of management responses are to be taken as an indication
of agreement by management with the report.

1.18 The Internal Auditor is to incorporate the management response into the internal audit
findings and provide a finalised version to the Audit Committee.

1.19 The Internal Auditor shall record findings in a manner which can be easily used to
substantiate findings and support reports in accordance with relevant professional
standards.

1.20 All internal audits are to be conducted in compliance with the Code of Ethics and
Standards for the Professional Practice of Internal Auditing (issued by the Institute of
Internal Auditors) as well as NZS 10011 “Guidelines For Auditing”

7. Precautions And Considerations

Independence is essential to the effectiveness of the internal audit function.

Internal Auditors are to be given full access to any WCDHB records, properties, resources
and personnel as may be necessary to fulfill internal audit objectives and responsibilities.

The Internal Auditor reports directly to the Audit Committee.

4
Uncontrolled Document – West Coast District Health Board
 Procedure Number Version Nos:
Internal Audit Procedure WCDHB-PF-0013 4

8. References
Code of Ethics and Standards for the Professional Practice of Internal Auditing
NZS 10011 “Guidelines For Auditing”

9. Related Documents

WCDHB Quality Auditing Procedure

WCDHB Clinical Auditing Procedure

Version: 4
Developed By: Risk and Quality Manager
Revision Authorised By: Audit, Risk and Finance Committee
History Date Authorised: August 2006
Date Last Reviewed: August 2006
Date Of Next Review: August 2008

5
Uncontrolled Document – West Coast District Health Board
 Procedure Number Version Nos:
Internal Audit Procedure WCDHB-PF-0013 4

This Page Is Deliberately Blank

6
Uncontrolled Document – West Coast District Health Board