
Internal Audit Services

Our Internal Audit Programme provides Independent Internal Audit, Assurance and Advisory work within TAS itself, for health sector organisations, and other organisations.

The span of experience, qualifications and certifications within the TAS audit team and affiliated resources allows us to work on a variety of audit, assurance and advisory engagements. These include, but are not limited to the areas of governance, business, finance and accounting, information systems, information security and privacy, risk management and assessment, operations, contracts, general controls, quality assurance and various clinical areas.

Staff have performed these services in a variety of sectors including health, life and health insurance, financial services, electric and gas utilities, government and university level academic/education. Staff qualifications include CIA, CISA, CISM, CRISC, CA, PRINCE2 Practitioner.


Business, Finance and Human Resources

Well-functioning business operations, financial management processes and relevant controls are a key part of a successful organisation’s well-oiled machine. Several TAS staff have audit, advisory and operational experience in this area.

Financial assurance and advisory reviews completed include general controls assessment, accounts payable, accounts receivable, transaction analysis including irregular transaction patterns, fraud assessment, payroll, procurement, contracting, purchasing, investment and cash management. Business process assessment reviews completed include operational efficiency and effectiveness assessments of various programme, project and “business as usual” areas, shipping and receiving, plant and equipment, inventory, physical plant, and public relations. Human resources reviews completed have included recruitment, induction, retention, exiting, performance assessment, retention and termination, licensing and professional education.

Staff qualifications in this area, not counting several staff members’ operational responsibilities during their careers, include Certified Internal Auditor (CIA) and CA (Chartered Accountant).


Information Systems

Information systems are developed to support key organisational goals and should perform this function efficiently and effectively. However, the requirements for developing, maintaining, changing, and integrating these systems into the environment are sometimes overlooked or discounted resulting in fewer benefits to the organisation than expected. Audit and advisory services focused on these areas, as an objective third party, can often bring focus to issues unable to be satisfactorily raised by internal personnel.

TAS employs three staff who have information systems audit and advisory experience. These staff have led and/or participated in engagements covering areas such as general controls, access control testing, transaction processing validation, disaster recovery and business continuity reviews, system development life cycle and environment assessment, large project implementation consulting, network and firewall configuration reviews, network, infrastructure and wireless scanning and penetration assessments, information systems regulatory compliance reviews, ICT operational and stakeholder effectiveness reviews, and numerous other areas. Staff qualifications in this area include Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).


Information Security

Information security is a top-of-mind concern given the increasing awareness of the importance of maintaining the confidentiality, integrity and availability of sensitive or proprietary information owned, managed or relied upon by organisations of all sizes.

TAS employs three staff with information security assurance and operational experience, including managing Information Security compliance at a large U.S. University (with a large health sciences campus), identifying security weaknesses in enterprise and cloud-based systems relied on by a large number of organisations, and a practical approach to implementing and increasing “common sense” compliance and constituent support for information security across organisations.

These staff have performed information security and privacy maturity assessments (to ISO 27001, COBIT, NZISM, NIST, PCI-DSS and other standards), developed and assessed appropriate policies, standards and procedures, completed security weakness evaluations, developed and implemented information security awareness programmes, developed training materials to required standards and delivered training both in person and using on-line platforms. Qualifications of staff in this area include Certified Information Security Manager (CISM).


Risk Management

Effective risk management is crucial to an organisation’s proper allocation of resources. A clear and understood risk appetite, as defined by the board, should be supported by an appropriate risk management framework. Accurate, timely and appropriate identification, mitigation and reporting of risks from within operational units to executive management and the board enables the organisation to effectively respond and manage risks.

The TAS team have experience assessing, evaluating and implementing risk management and risk assessment systems. One member of the team developed the approach, wrote the design specifications, and tested and assisted with the implementation of a large U.S. financial services company’s field audit risk assessment software. The statistical approach taken with the software significantly increased the accuracy and validity of the risk assessment ratings over prior risk assessment software. The reports generated were embraced and relied on by operational management since they proved effective and identified areas where management should focus some of their time. Another staff member has extensive experience developing risk management frameworks, leading risk management workshops and helping organisations implement a sound risk management approach.


Governance

Effective governance of an organisation sets both the strategic direction and foundation upon which a successful organisation operates. Governance design, strategic vision, objectives and priorities, board performance, monitoring of organisational performance, accountability, transparency, and responsiveness are aspects of organisational governance.

The TAS team has extensive experience assessing the quality of governance of large and small health sector organisations throughout New Zealand. Several members of the TAS team also have experience working with, reporting to and assessing governance of other organisations in New Zealand, Australia, the U.S. and the U.K. One TAS staff member is currently serving on the board of the Wellington Information Systems Audit and Control Association (ISACA).


Quality Assurance

Members of the TAS team have consulted on and provided QA assurance services for programmes and projects, including large system implementations in New Zealand and the U.S. as well as foundational work for an eHealth exchange in the U.S. QA experience of the TAS team has ranged from point-in-time project health checks to broader programme QA or general QA review of units and departments. Three members of the team have PRINCE2 qualifications.

 

For more information please contact:

Jared McGillicuddy
Regional Internal Audit Manager

Mobile: 027 240 6118
Email: Jared.McGillicuddy@tas.health.nz