Home / Audit & Assurance / Internal Audit Programme

Internal Audit Programme

Our internal audit programme provides independent internal audit, assurance and advisory work for health sector and other organisations.

The span of experience, qualifications and certifications within the TAS audit team and affiliated resources allows us to work on a variety of audit, assurance and advisory engagements.

These include, but are not limited to the areas of:

  • Governance
  • Business
  • Finance and accounting
  • Information systems
  • Information security and privacy
  • Risk management and assessment
  • Operations
  • Contracts
  • General controls
  • Quality assurance
  • Various clinical areas.

Staff have performed these services in a variety of sectors including health, life and health insurance, financial services, electric and gas utilities, Government and university level academic/education. 

Staff qualifications include:

  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Chartered Accountant (CA)
  • PRINCE2 Practitioner.

Business, finance and human resources

All successful organisations have:

  • Well-functioning business operations
  • Robust financial management processes
  • Relevant controls.

Our staff have the audit, advisory and operational experience in these areas.

Financial assurance and advisory reviews work we've completed includes:

  • General controls assessment
  • Accounts payable
  • Accounts receivable
  • Transaction analysis.

Our transaction analysis skills include:

  • Irregular transaction patterns
  • Fraud assessment
  • Payroll
  • Procurement
  • Contracting
  • Purchasing
  • Investment
  • Cash management.

Business process assessment reviews we’ve completed include various business as usual (BAU) areas:

  • Operational efficiency and effectiveness assessments
  • Shipping and receiving
  • Plant and equipment
  • Inventory
  • Physical plant
  • Public relations.

Human resources reviews we’ve completed include:

  • Recruitment
  • Induction
  • Retention
  • Exiting
  • Performance assessment
  • Retention and termination
  • Licensing and professional education.

Staff qualifications in this area include Certified Internal Auditor (CIA), Chartered Accountant (CA) and operational experience.

Information systems

Information systems are developed to support key organisational goals, and should perform this function efficiently and effectively.

However, the requirements for developing, maintaining, changing and integrating these systems into the environment are sometimes overlooked or discounted - resulting in fewer benefits to the organisation than expected.

Audit and advisory services focused on these areas, as an objective third party, can bring focus to issues unable to be satisfactorily raised by internal personnel.

Our capabilities
We have staff with information systems audit and advisory experience.

These staff have lead and/or participated in engagements, covering areas in:

  • General controls
  • Access control testing
  • Transaction processing validation
  • Disaster recovery
  • Business continuity reviews
  • System development life cycle
  • Environment assessment
  • Large project implementation consulting
  • Network and firewall configuration reviews
  • Network, infrastructure and wireless scanning and penetration assessments
  • Information systems regulatory compliance reviews
  • ICT operational and stakeholder effectiveness reviews.

Staff qualifications in this area include Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).

Information security

Information security is a top-of-mind concern, given the increasing awareness of the importance of maintaining the confidentiality, integrity and availability of sensitive or proprietary information owned, managed or relied upon by organisations of all sizes.

We employ staff with information security assurance and operational experience, including:

  • Managing information security compliance at a large US University (with a large health sciences campus)
  • Identifying security weaknesses in enterprise and cloud-based systems
  • A practical approach to implementing and increasing ‘common sense’ compliance and constituent support for information security across organisations.

These staff have:

  • Performed information security and privacy maturity assessments (to ISO 27001, COBIT, NZISM, NIST, PCI-DSS and other standards),
  • Developed and assessed appropriate policies, standards and procedures
  • Completed security weakness evaluations
  • Developed and implemented information security awareness programmes
  • Developed training materials to required standards
  • Delivered training both in person and using on-line platforms.
  • Qualifications of staff in this area include Certified Information Security Manager (CISM).

Risk management

Effective risk management is crucial to an organisation’s proper allocation of resources. A clear and understood risk appetite, as defined by the Board, should be supported by an appropriate risk management framework. Accurate, timely and appropriate identification, mitigation and reporting of risks from within operational units to executive management and the board enables the organisation to effectively respond and manage risks.

Our team has experience assessing, evaluating and implementing risk management and risk assessment systems. One member of our team developed the approach, wrote the design specifications, tested and assisted with the implementation of a large US financial services company’s field audit risk assessment software.

The statistical approach they took with the software, significantly increased the accuracy and validity of the risk assessment ratings over prior risk assessment software. The reports generated were embraced and relied on by operational management since they proved effective and identified areas where management should focus some of their time.

Another staff member has extensive experience developing risk management frameworks, leading risk management workshops and helping organisations implement a sound risk management approach.

Governance

Effective governance of an organisation sets both the strategic direction and foundation upon which a successful organisation operates.

There are a number of aspects of organisational governance:

  • Governance design
  • Strategic vision
  • Objectives and priorities
  • Board performance
  • The monitoring of organisational performance, accountability, transparency, and responsiveness.

Our team has extensive experience assessing the quality of governance of large and small health sector organisations throughout New Zealand.

Several members of the our team also have experience working with, reporting to and assessing governance of other organisations in the New Zealand, Australia, the US and the UK.

One staff member is currently serving on the board of the Wellington Information Systems Audit and Control Association (ISACA).

Quality assurance

Members of the team have consulted on and provided quality assurance (QA) services for programmes and projects, including:

  • Large system implementations in New Zealand and the US
  • Foundational work for an eHealth exchange in the US.

QA experience of the TAS team has ranged from point in time project health checks to broader programme QA or general QA review of units and departments. Team members have PRINCE2 qualifications.

For more information, contact:

Jared McGillicuddy
Regional Internal Audit Manager
Mobile: 027 240 6118
Email: Jared.McGillicuddy@tas.health.nz 

Last updated: 31/7/19