Audit and Assurance Committee - Public Agenda

Digital Health and Care Wales SpecialHealth Authority - Audit andAssurance Committee - PublicTue 06 July 2021, 09:00 - 11:30

Teams Call

Agenda

1. PRELIMINARY MATTERS

1.1. Welcome and introductions

For Noting Chair

1.2. Apologies for Absence

For Noting Chair

1.3. Declarations of Interest

For Noting Chair

1.4. Matters Arising

For Noting Chair

2. MEETING BUSINESS

2.1. Approval of Minutes from the last Public Committee

For Approval Chair

2.1 20210511 Audit and Assurance draft minutes- PUBLIC.pdf (17 pages)

2.2. Approval of Minutes from the last Private Committee

For Approval Chair

2.2 20210511 Audit and Assurance draft minutes - PRIVATE - abridged.pdf (3 pages)

2.3. Action Log

For Discussion Chair

2.3 Action Log.pdf (1 pages)

2.4. Committee Forward Work Plan

For Noting Board Secretary

2.4 Audit and Assurance Committee Forward Workplan.pdf (3 pages)

3. AUDIT & COUNTER FRAUD

09:00 - 09:000 min

09:00 - 09:000 min

09:00 - 09:000 min

Fuller,Sophie

06/29/2021 12:39:32

3.1. Internal Audit Update

For Assurance NWSSP Internal Audit

3.1 Internal Audit Progress Cover Report.pdf (3 pages) 3.1i DHCW 2122 - Internal Audit Update Report - July 2021.pdf (4 pages)

3.2. IM&T Advisory Internal Audit Report

For Discussion NWSSP Internal Audit

3.2 IM&T Advisory Internal Audit Cover Report.pdf (3 pages) 3.2i Audit IMT Advisory Reviews Report.pdf (16 pages)

3.3. Audit Wales Update

For Assurance Audit Wales

3.3 Audit Wales Update Cover Report.pdf (4 pages) 3.3i 2458A2021-22 DHCW Audit Wales Update (July 2021).pdf (8 pages)

3.4. DHCW Audit Action Log

For Discussion/Review Head of Corporate Services

3.4 DHCW Audit Action Log- v1.0.pdf (4 pages) 3.4i DHCW Audit Action Log 210621 Redacted.pdf (4 pages)

3.5. Counter Fraud Update

For Noting Cardiff & Vale Counter Fraud Services

3.5 Local Counter Fraud Update Cover Report.pdf (3 pages) 3.5i DHCW Local Counter Fraud Update.pdf (4 pages)

3.6. Public Accounts Committee Review of NWIS Report

For Noting Chief Operating Officer

3.6 Public Accounts Committee Review of NWIS Update Report.pdf (6 pages) 3.6i Public reports pack 01032021 0830 Public Accounts Committee.pdf (62 pages)

3.7. COMFORT BREAK

For Noting Chair

4. CORPORATE REPORTS

4.1. Risk and Board Assurance Framework Strategy Update Report

For Discussion Board Secretary

4.1 Risk Management and Board Assurance Framework Update Report.pdf (4 pages) 4.1i Risk Management & BAF Milestone Plan v3.pdf (2 pages)

4.2. Corporate Risk Register

For Noting Head of Corporate Services

4.2 Corporate Risk Register Public v1.0.pdf (4 pages) 4.2i RR_DHCW Corporate May 21-v1.0.pdf (3 pages)

4.3. Financial Update

09:00 - 09:000 min

Fuller,Sophie

06/29/2021 12:39:32

4.3.1. Financial Losses and Special Payments

Verbal for Noting Executive Director of Finance

4.3.2. Audit of 20_21 Velindre Accounts

For Noting Deputy Director of Finance

4.3.2 Audit of 20_21 Accounts Cover Report.pdf (4 pages) 4.3.2i Appendix A - Final ISA260 report - Velindre NHS Trust - 2020-21.pdf (22 pages)

4.3.3. Banking Financial Control Procedure Report

For Approval Deputy Director of Finance

4.3.3 Banking Financial Control Procedure Report.pdf (4 pages) 4.3.3i Appendix A FCP-FBA-012 Banking Arrangements-v1.pdf (9 pages)

4.3.4. High Value Purchase Order Report

For Noting Deputy Director of Finance

4.3.4 High Value Purchase Order Cover Report.pdf (4 pages) 4.3.4i Appendix A - High Value Purchase Orders Tracker F-01.pdf (1 pages)

4.4. Procurement and Scheme of Delegation Compliance Report

For Noting Head of Commercial Services

4.4 Procurement and Scheme of Delegation Compliance Report.pdf (4 pages) 4.4i Appendix A - Procurement Activity Overview.pdf (1 pages)

4.5. Declaration of Gifts and Hospitality


4.5 DHCW Declarations of Interest, Gifts, Hospitality and Honoraria.pdf (6 pages) 4.5i Declarations of Interest Register June 2021.pdf (3 pages) 4.5ii DHCW Gifts & Hospitality Declarations v1-0.pdf (1 pages)

4.6. Estates Compliance Report


4.6 REP-Estates Compliance v1.0.pdf (4 pages) 4.6i Estates Compliance Report - May 2021-v2.pdf (19 pages)

4.7. Annual Quality and Regulatory Plan

For Approval Head of Quality & Regulatory Compliance

4.7 DHCW Quality and Regulatory Annual Plan.pdf (16 pages)

4.8. Quality & Regulatory Compliance Report

For Noting Head of Quality & Regulatory Compliance

4.8 DHCW Quality and Regulatory Update Report.pdf (5 pages)

4.9. Welsh Language Scheme Update Report

For Discussion Corporate Governance and Assurance Manager

4.9 Welsh Language Scheme Update Report.pdf (4 pages) 4.9i Appendix A - Welsh Language Scheme Timeline Plan.pdf (1 pages)

4.10. Special Health Authority Project Closure Report

For Noting Chief Operating Officer

Fuller,Sophie

06/29/2021 12:39:32

4.10 SHA Transition Project Closure Cover Report.pdf (4 pages) 4.10i Appendix A Closure Report - SHA Transition Project v1.0.pdf (14 pages)

5. CLOSING MATTERS

5.1. Items for Chair's Report to Board


5.2. Any Other Urgent Business


5.3. Date of next meeting

For Noting Chair

Tuesday 5th October 2021 09:00-13:00

09:00 - 11:30150 min

Fuller,Sophie

06/29/2021 12:39:32

100521-DHCW-ITAMG-MDA-d01 1 Amanda Murray

09:00 – 11:30 11/05/2021

Teams Call

Chair Marian Wyn Jones

Present (Members) Title Organisation

Marian Wyn Jones MWJ Independent Member, Chair of the Audit and Assurance Committee

DHCW

Grace Quantock GQ Independent Member, Vice Chair of the Audit and Assurance Committee

DHCW

David Selway DS Independent Member DHCW

Attendees

Claire Osmundsen-Little COL Director of Finance DHCW

Chris Darling CD Board Secretary DHCW

Mark Cox MC Deputy Director of Finance DHCW

Julie Ash JA Head of Corporate Services DHCW

Michelle Sell MS Chief Operating Officer DHCW

Amanda Murray AM Secretariat DHCW

Dave Thomas DT Audit Director Audit Wales

Darren Griffiths DG Audit Manager Audit Wales

James Quance JQ Head of Internal Audit NWSSP Internal Audit

Martyn Lewis ML IT Audit Manager NWSSP Internal Audit

MINUTES, DECISIONS & ACTIONS TO BE TAKEN

Audit and Assurance Committee - PUBLIC

1/17 1/284

Fuller,Sophie

06/29/2021 12:39:32


Simon Cookson SC Director of Audit & Assurance NWSSP Internal Audit

Nigel Price NP Local Counter Fraud Specialist Cardiff and Vale University Health Board

Apologies

Ruth Glazzard RG Independent Member DHCW

Acronyms

DHCW Digital Health and Care Wales NWIS NHS Wales Informatics Service

SHA Special Health Authority A&A Audit and Assurance

KPI Key Performance Indicator PAC Public Accounts Committee

SO’s Standing Orders SFI’s Standing Financial Instructions

HEIW Health Education and Improvement Wales

FCP Financial Control Procedures

Item No Item Outcome Action

1 PRELIMINARY MATTERS

1.1 Welcome and introductions

The Chair commenced by welcoming everyone to the inaugural meeting of the Digital Health and Care Wales (DHCW) Audit and Assurance (A&A) Committee. Digital Health and Care Wales was established on the 1 April 2021 with the remit to support the health and care system and enable delivery of high-quality health and care across Wales. DHCW touches every other NHS body in the work it does, and digital has never been more important in delivering health and care than the past twelve months.

The Chair asked that members introduce themselves and those in attendance introduce themselves as part of items they are presenting. The Chair noted the apologies earlier from the final Independent Member, Ruth Glazzard, Vice Chair of DHCW who has a strong background and experience in audit and governance.

The Chair noted that there will be opportunity for Committee members to meet in a closed session with colleagues from Internal and External Audit and Counter Fraud to prepare for

Noted None

2/17 2/284

Fuller,Sophie

06/29/2021 12:39:32


meetings.

DHCW is committed to being open and transparent and the Audit and Assurance Committee will ensure papers and minutes are uploaded to the DHCW website for members of the public to access.

The Chair noted that she had been fortunate to have had the opportunity to meet with Audit colleagues and thanked them for their time and support.

In line with current advice and guidance in relation to Covid-19 with respect to public gatherings, DHCW have decided not to hold Committee meetings in public, a decision taken in the best interests of protecting the public, DHCW staff and Committee members. This position will be monitored on an ongoing basis as restrictions ease.

The Chair noted there will be occasions where it is necessary for the Committee to receive items in a private session due to the sensitivity of the material presented. Today’s Committee will include a short private session.

1.2 Apologies for Absence

It was noted that Ruth Glazzard (Independent Member) has tendered her apologies.

Noted None

1.3 Declarations of Interest

There were no declarations of Interest received.

Noted None

2 MEETING BUSINESS -

2.1 Closure Report from Velindre University Trust Audit Committee

The Chair invited the Board Secretary, Chris Darling (CD) to present the closure report.

The Board Secretary provided some background to the arrangements in place between NHS Wales Informatics Service (NWIS) and Velindre University NHS Trust. NWIS was established on 1st April 2010 and hosted by Velindre University NHS Trust who were responsible for the governance and assurance of NWIS activities.

The DHCW Chair, Bob Hudson met with the Chairs of the Velindre Quality, Safety and Performance Committee and the Audit Committee to go through a handover and discuss the closure report, no issues were identified.

CD informed the Committee the last Velindre Audit Committee took place on 22nd March. Minutes have yet to be received however there are no known outstanding Velindre Audit Committee actions. Actions on the audit

Noted None

3/17 3/284

Fuller,Sophie

06/29/2021 12:39:32


tracker will continue to be reviewed at the DHCW Audit and Assurance Committee. There is an outstanding action from the VHNHST Quality Safety & Performance Committee regarding a Microsoft Team Tenancy issue which will be tracked through DHCW Digital Governance & Safety Committee.

DHCW was established as a Statutory body on 1st April 2021 and will receive assurance through the new Committee structure outlined in the Standing Orders. Work was undertaken as part of the SHA transition project to map each of the responsibilities identified in the hosting arrangements to one of the transition project workstreams in Appendix A of the report and all actions are either complete or on target.

CD asked the Committee to note Section 3.1, lease approvals and high value contract awards (Over £750k) will now be submitted to the DHCW Board for approval.

Two Audit Reports did not go to the last Velindre Audit Committee and will be considered at today’s Committee meeting.

Corporate Risks will become a standing agenda item for the DHCW Audit and Assurance Committee.

The Chair asked for clarification on the five Single Tender actions and two Change Control Notices, asking would that sum be typical commitments? Claire Osmundsen-Little (COL), the Director of Finance confirmed that most high value contracts related to Covid-19 and were reported to the committee for noting. Michelle Sell (MS), the Chief Operating Officer agreed there were circumstances driven by Covid-19 requiring urgent action however, these were exceptions in terms of the activity and rigorous scrutiny internally and specific justifications would be drafted to support these tenders.

2.2 Terms of Reference (ToR)

The Chair invited CD to present this item.

CD confirmed the Committee were being asked to approve the Terms of Reference.

CD outlined the key responsibilities within the Terms of Reference that were to assure the Board and Chief Executive of good governance, advise on the assurance framework and approve on behalf of the Board relevant policies, procedures and written controlled documents.

The Terms of Reference have been developed in line with section 3.3 of the Standing Orders with eight areas of focus and have incorporated comments and feedback from Internal and External Audit colleagues. The Chair clarified the

Approved None

4/17 4/284

Fuller,Sophie

06/29/2021 12:39:32


composition and membership of the Committee for noting that the four Independent Members would include the Chair.

The Committee resolved to:

Approve the Terms of Reference

2.3 Audit and Assurance Committee Annual Cycle of Business and Forward Workplan.

CD presented the Annual Cycle of Business and the Forward Work Plan. The Committee will receive the Annual Cycle of Business prior to 31st March 2022 in readiness for approval for 2022/2023. This identifies the reports to be regularly presented for consideration and ensures that the Audit and Assurance Committee has the appropriate reporting to effectively carry out its role.

CD explained the Forward Work Plan would be a live document, there will be additional items added for future meetings with discussions already highlighting additions to the work programme. CD asked that the members and attendees undertake some horizon scanning for potential items for inclusion and share those details with himself or the Chair. The Committee will meet on a quarterly basis with additional meetings being scheduled to consider annual reporting requirements in order to report to the DHCW SHA Board and Welsh Government.


Approve the Annual Cycle of Business and note the Forward Work Plan.

Approved None

3 AUDIT AND COUNTER FRAUD

3.1 Internal Audit 2021/22 Plan

The Chair invited Simon Cookson (SC) and James Quance (JQ) to present the item.

SC provided some background of the Programme of Audit work undertaken in conjunction with the Welsh Government and NWIS over the last four years. On average five to six audits a year were undertaken after agreement from the NWIS management team. These were subsequently reported and approved by Velindre’s Audit Committee.

JQ outlined the proposed internal audit plan for the coming year. This has been presented to and approved by the DHCW senior leadership team in readiness for presentation at this Committee for approval. The initial plan concentrates on baseline work focusing on the key functions and processes of the organisation.

JQ outlined the items included in the submission to the

Noted

Approved

None

5/17 5/284

Fuller,Sophie

06/29/2021 12:39:32


Committee including the Charter, which provides details for the rules of engagement, the associated internal resource requirements and the Key Performance Indicators (KPI’s) which can be noted in the appendix.

COL noted the Executive team worked with Internal Audit colleagues to finalise the plan and the paper presented today has the full support of the Executive team.

The Chair noted the plan’s activity was focused towards the end of the year and questioned if this would pose a problem in delivering the planned work? JQ confirmed that although there were risks including the reduced time to address any concerns or potential limited assurance findings, discussion would take place regularly with DHCW colleagues to ensure work is on target and can be managed.

JQ confirmed that there was flexibility within the plan and if the Committee advised a change of focus was required this could be accommodated.


Approve the Internal Audit 2021/22 plan and note the associated charter, resource requirements and KPI’s within the appendix.

3.2 Internal Audit Reports

Supplier Management Follow-up Report – Final Report

The Chair confirmed that the Supplier Management follow up audit has been completed as part of the Internal Audit Plan for 2020/21 for NWIS. This is the final report in respect of 2020/21. It will also be reported to the Velindre NHS University Trust Audit Committee as the Committee that approved the plan for the year 20/21

The Chair invited Internal Audit to present this item.

Martyn Lewis (ML) reiterated this was a follow up piece of work to ensure the actions from the initial audit were progressing appropriately. The finding was that good progress has been made to date with a number of key actions having been addressed. Noting the overall contract review process is slightly behind due to resource constraints within the Commercial Service team, the risk of this has been reported to the Executive team and is being mitigated by focusing on management of contracts with the highest risk, which Internal Audit deem to be the correct action.

The remaining item to make progress is the requirement for recording sign off for contract specifications. The delay in progress on this action is largely due to Covid-19, overall Internal Audit are satisfied with the progress.

Assured None

6/17 6/284

Fuller,Sophie

06/29/2021 12:39:32


The Chair enquired as to the expected timescale for completion of the remaining action?

Julie Francis (JF) confirmed to the Committee that the remaining action would be completed by the end of May 2021. There will be specific and targeted training for the Commercial Services team and across the organisation to ensure embedding of defined procedures. JF noted that the Commercial Services team would continue to review and update the policies and procedures in line with best practice to reflect the changing needs of the business of DHCW. The team will also be undertaking internal department six-month audits to ensure compliance on the areas reviewed.


Receive the Supplier Management Follow-up Report for assurance.

3.3 External Audit 2021/22 Plan

The Chair invited Dave Thomas (DT) and Darren Griffiths (DG) to present the item.

DT explained he was the named Engagement Director for DHCW on behalf of Audit Wales. DG will manage the performance audit work moving forward. DT noted that other colleagues would join for the DHCW Audit and Assurance Committees in the future depending on the nature of the work being reported. DT noted the external audit operational plan does not follow the financial year, so the plan presented to the Committee is a part year plan. Early work would make use of working arrangements for Auditor General annual work with DHCW which as a public body include review of the Statutory audit of the annual accounts and conclusions on the arrangements in place for the organisations use of resources.

Early activity will include work to assess the DHCW governance arrangements established, and this work would be scheduled taking into account the fact that DHCW have only recently established as a statutory body, and the team would work closely with DHCW colleagues to time this work to take place when it would be most effective.

The Chair sought clarification on how delivery was being tracked for the outstanding recommendations highlighted in the Public Accounts Committee/Audit Wales reports into NWIS in 2018. External Audit advised the importance of it appearing on the audit tracker for management and assurance and as the report went to previous Public Accounts Committee (PAC), there would be a requirement for the new PAC to have a legacy view.

Approved None

7/17 7/284

Fuller,Sophie

06/29/2021 12:39:32



Approve the External Audit 2021/22 Plan.

3.4 DHCW Audit Action log

The Chair invited Julie Ash (JA) to present the item and give context to how the audit tracker action log has been managed in NWIS previously.

Historically actions were recorded on an Audit Tracker and presented to the Velindre Audit Committee.

JA outlined the current status of the Audit Tracker, there were 11 open actions reported to the last Velindre University NHS Audit Committee, 2 were closed with a further 4 added from the Internal Audit resilience audit. Previous discussions have taken place and agreement was made to show 2 actions separately as the completion of these are dependent on external partners and out of our control as an organisation. With regard to progress, there are 4 green, 6 yellow, 1 amber and no red. There is now clarity on the organisation’s position with regard to Networks and Information Systems (NIS) Directive. DHCW have identified Information Asset owners for all of our systems and have registered with the Information Commissioner’s Office as a new statutory body.

JA outlined the details of the amber item which described the associated action required for migration from legacy infrastructure. There is now a validated plan with Management Board sign off, the next step will be to discuss this with Internal Audit colleagues.

David Selway (DS) commented on the New NHS Digital System delay in the provision of the payment system and how this would affect NHS Wales? JA advised the timescales were out of our control but DHCW colleagues in the demographics team were aware of the requirement and there is no need for concern with regard to negative impact.

Grace Quantock (GQ) asked for the reasoning behind the RAG ratings? COL advised this was a historic choice, DHCW have worked closely with Internal Audit to ensure it was consistent with other NHS Wales approaches. The RAG ratings in use are a simple and quick way of being able to understand priorities and target resources where needed. As an organisation we have made progress on our management of the audit actions including reviewing on a weekly basis. DHCW would be pleased to work with Independent Member colleagues to improve the process further.

DS referred to the handover report and questioned the criticality with regard to the Legacy Application with old code (LASPAR) and the limited skills DHCW have in order to

Discussed Arrange a meeting with GQ, COL, SC, CD and JA to share approaches and learnings on RAG ratings.

8/17 8/284

Fuller,Sophie

06/29/2021 12:39:32


maintain that code moving forward. JA advised a plan was in place to migrate to a controlled environment where skills were available with options being worked through currently.

The Chair acknowledged the progress to date made on audit actions and welcomed the current proposed split of actions of those under DHCW control and those that are not.

ACTION - 20210511 – A01: Arrange a meeting with GQ, COL, SC, CD and JA to share approaches and learnings on RAG ratings.


Discuss the DHCW Audit Action log and note the current position on progress including the 4 actions to be closed.

3.5 Counter Fraud

The Chair invited Nigel Price (NP) the DHCW Counter Fraud lead from Cardiff and Vale University Health Board to present the report.

NP explained that no counter fraud work had been undertaken to date with DHCW, due to the establishment of the organisation only taking place on the 1st April 2021.

NP is organising Counter Fraud awareness presentations for all the staff in the organisation. There are no active investigations linked to DHCW at present.

NP gave an overview of the National Fraud Initiatives and the steps that Counter fraud undertake to ratify the data produced. The National Fraud Initiative has been included in the plan for this year as some employees for DHCW may have transferred from Health Boards.

The Chair referenced the breakdown of the planned activity and queried that zero days had been allocated to prevention and was interested in understanding the approach to prevention and how the financial procedures will be linked to the counter fraud work. How will learning and awareness of policies be embedded to help avoid fraud?

NP responded that learnings would be tailored to the audience to ensure the appropriate information is shared. NP will work with colleagues to embed the preventative actions required to help staff stop and consider what they are being asked to do.

The Committee discussed appointing a Counter Fraud Champion within DHCW to act as the link to the work with NP. DHCW are adopting new training approaches including making counter fraud e-learning part of the mandatory package.

ACTION – 20210511 – A02: Executive team to select a

Assured Executive team to select a champion for counter fraud to lead internally for the organisation.

9/17 9/284

Fuller,Sophie

06/29/2021 12:39:32


champion for counter fraud to lead internally for the organisation.


Receive the Counter Fraud report for assurance and note the planned activity information.

4 CORPORATE REPORTS

4.1 Corporate Risk Register

The Chair invited JA to present the item.

JA outlined the current processes in place for the management of risk in the Organisation. The risks are assessed by the risk management group and the monthly Management Board review the Corporate Risk register

The categorisation of the current risks (excluding Cyber) are:

4 x Business and Organisational

2 x Clinical

1 x Health and Safety

2 x Information Governance

1 x Projects

6 x Service Interruption

JA highlighted several risks for the Committee,

NWIS0207 – Document Management

This risk has been at this level for some time, a third party has since been engaged and a plan is now in place to deliver a series of workshops led by Service Management.

NWIS0280 – Welsh Language Standards Consultation

As a new SHA the Welsh language standards do not apply however, in line with the requirements of the Welsh Language Act a scheme will be established over the next four to five months by JA and CD.

The Chair asked for clarification of the DHCW position on the Welsh language Standards. JA advised the Welsh Language Standards were introduced in 2011 and did not include Special Health Authorities. There is currently no indication from Welsh Government as to the timeframe for including Special Health Authorities in the legislation, however JA believes it will not take longer than a year. NWIS previously worked to the standards when hosted by Velindre and DHCW will continue to do so via the scheme to be developed. The Chair emphasised the importance of getting a timeline in terms of delivery of the scheme and asked for an update as

Noted JA to ensure the lift is ventilated and will look at the Covid-19 SOP to ensure the requirements for wheelchair users are explicitly outlined.

COL and CD to develop the DHCW approach to the corporate risk register for the next meeting.

Update on the progress of the Welsh language Scheme creation to be reported to the July Committee

10/17 10/284

Fuller,Sophie

06/29/2021 12:39:32


soon as available.

NWIS0262 – Medical Devices Regulations

This risk has been assessed at a recent risk management group and the decision has been taken to de-escalate it from the Corporate Risk register as this was now being managed as part of business as usual whilst the new regulations are being developed.

NWIS0236 – Accessible lift at Tŷ-Glan yr Afon.

Work by the landlord has now commenced and is due to be completed by the end of the month.

GQ raised the issue of the accessible lift and how this will work with Covid-19 restrictions? JA confirmed there was an alternative entrance via the ground level carpark.

ACTION – 20210511 – A03: - JA will ensure the Covid-19 SOP to ensure the requirements for wheelchair users are explicitly outlined.

The Chair then opened questions out to the floor.

NWIS0259 – Vacancy factor and niche skills requirements

DS asked how risk NWIS0259 relating to current staffing issues were going to be addressed. Michelle Sell (MS) The Chief Operating Officer confirmed that a recruitment taskforce had been set up to help manage both recruiting to difficult roles and managing the vacancies. The scope of avenues for recruiting have been broadened recently, which has resulting in good returns in terms of filling much needed positions. Alternative options are being explored in terms of the organisations approach to delivering the plan which may require DHCW to think differently about its approach.

NWIS0237 – Demand exceeding capacity

DS raised the concern of the combination of risk NWIS0307 and NWIS0237 and what the organisation’s plan was for addressing these? MS explained that the requirements for Covid-19 have been planned into the Annual Plan for 21/22. A dedicated team has been established to ring fence not just the resource for the Covid-19 response but also the other elements of the plan. COL added that a paper in relation to the vaccine systems requirements has been presented to WG proposing the introduction of permanent development positions in support of the vaccine development system that could pivot to develop other systems whilst retaining the learning.

DS asked that with the move to the product-based approach for developing systems, this has an intrinsic cost. Have we worked through the funding requirements for supporting the

11/17 11/284

Fuller,Sophie

06/29/2021 12:39:32


lifecycle of the products? COL explained that the transition to DHCW has started these conversations and that the proposed approach to vaccine is the second application to be managed in this way. The overall requirements for DHCW will be to understand the fit in the organisation and the development pipeline.

ACTION - 20210511 – A04: COL and CD to work on the Corporate Risk Register to develop the DHCW approach for the next meeting

ACTION - 20210511 – A05: Update on the progress of the Welsh Language Scheme creation to be reported to the July Committee


Note the detail of the Corporate Risk Register.

4.2 Finance Update (Verbal)

The Chair invited COL to present the item.

COL provided a verbal update on the financial position.

COL reported that the first month of the new organisation was yet to be closed. However, DHCW can report there were no losses or special payments of note to date. Budget delegations have been completed, signing off with each budget holder their delegated budget for the year. The Standing Financial Instructions have been finalised and will be presented for approval at the DHCW SHA Board on the 27th May.


Note the verbal update from the Executive Director of Finance

Noted None

4.3 Procurement Update (Verbal)

Julie Francis (JF) was invited by the Chair to present the report.

JF explained that future procurement reports to the Committee will contain the compliance position relating to the Standing Financial Instruction. Including:

Single Quotation and Single Tender activity

Address the issues understanding Standing Financial Instructions and Procurement Regulations

Any extensions outside contract terms.

The Chair thanked JF for the update and welcomed the planned report for the next meeting


Noted None

12/17 12/284

Fuller,Sophie

06/29/2021 12:39:32


Note the verbal update from the Head of Commercial Service.

4.4 Declarations of Interest and Gifts and Hospitality

The Chair invited JA to present the item.

JA stated the standards of behaviour policy was approved by the Board on the 1st April 2021. Under the policy there is a requirement to report on Declarations of Interest and declare any offers of gifts and hospitality that has been received. This activity has been previously reported to the Velindre Audit Committee, so will in future be reported to the DHCW Audit and Assurance Committee.

Declarations of Interest are initially being collated for the Board, this will then roll out further to senior managers in the organisation and be led by the Board Secretary.

JA stated that no notice of gifts or hospitality have been received in April 2021.

ACTION – 20210511 – A06: The Declarations of Interest register will be presented to the July Committee.


Note there were no declarations of gifts and hospitality.

Noted The Declarations of Interest register will be presented to the July Committee.

4.5 Estates Compliance Report

The Chair invited JA to present the report referencing the importance of demonstrating compliance with Health and Safety and other estates related legislation.

JA gave an overview of the current compliance status for the estate’s portfolio.

Overall compliance testing has dropped slightly this month to 89%, there is planned work now in motion for the DHCW Compliance Team and the building landlords to improve this position. JA emphasised this work will ensure the compliance will increase in readiness for review at the next meeting.

The report also included details of Health and Safety incidents. The DHCW Safety, Health and Environment group receive detailed inspection reports for each site within the estate to ensure robust scrutiny. DHCW use a third-party supplier for specialist health and safety advice and have done for a number of years as NWIS. The organisation use Datix to record incidents of all kinds not just health and safety. The upgraded cloud-based version of the system will be adopted for incident reporting within the next two to three months.

JA relayed to the Committee DHCW’s commitment to Environmental Management. There is a Sustainability Strategy is in place for the DHCW Estate and JA would be

Noted Update the report to include an Executive Summary

13/17 13/284

Fuller,Sophie

06/29/2021 12:39:32


happy to share with the Committee for information.

The Chair noted the paper gave a lot of detail and would find it helpful to have an Executive Summary analysis.

ACTION - 20210511 – A07: Update the report to include a cover paper / Executive Summary.


Note the Estates Compliance Report.

4.6 Quality & Regulatory Compliance Report

The Chair invited Konrad Kujawinski (KK) to present this item to the Committee.

The quality progress report highlights the new strategy objectives for quality and regulatory, the role of the new department and details the Governance Framework for the department.

KK outlined the key areas within the progress report. There is an ISO 20001 Service Management external regulatory audit planned in the next few months. Additionally, there will be a change audit by the regulator to assess the transition from NWIS to DHCW. With regard to internal regulatory audits, the focus is on improving compliance, roll out of the Quality Management System strengthened through i-Passport and increased evidence-based performance measure.

COL gave a verbal update on the recently launched Cyber Resilience Unit which is enacting the Network Information System (NIS) Directive on behalf of Welsh Government. DHCW will take the leading role in validating and providing assurance to Welsh Government in compliance with the regulation across NHS Wales. After the Directors review it was felt that regulatory responsibility would fall under Quality and Regulatory although further discussion was required to decide which Committee would be most appropriate for reporting purposes.

ACTION – 20210511 – A08: Include the progress update on the Cyber Resilience Unit performance within the Quality and Regulatory Report.


Note the Quality and Regulatory Compliance Report.

Noted Include the progress update on the Cyber Resilience Unit performance within the Quality and Regulatory Report.

5 DOCUMENTS FOR REVIEW

5.1 Risk Management and Board Assurance Framework Strategy

CD provided an overview of the papers included for submission to the Committee. The key areas were

Approved Risk and BAF Strategy

None

14/17 14/284

Fuller,Sophie

06/29/2021 12:39:32


highlighted regarding Risk Management and CD advised the Committee that DHCW had inherited the NWIS approach to Risk Management and the policy was adopted on the 1st April 2021.

The proposal builds on the existing arrangements in place but expands the scope to include not only risk management but Board assurance. The strategy proposes that the DHCW Committees have a role in overseeing and scrutinising risk on the Corporate Risk Register relating to the areas of Committee responsibly. There should be a consistent approach when describing and articulating risks as set out in section 2.4 of the cover paper.

The key milestones for implementing the strategy are included with the view it will take six to nine months to establish the Board Assurance and Risk appetite approach.

For noting, the Board Assurance Framework will be used by the board to identify, monitor and evaluate risks which impact delivery of strategic objectives. This would be used in conjunction with other information which will be presented to Board.

The Board Secretary highlighted the table in 7.18 of the strategy which detailed the scoring of risks for clarity and understanding for the IM’s.

The Chair stated that it was a very important overview in understanding the journey and the steps which needed to be taken.

DT stated from reviewing the strategy the organisation had a good grip of what was required and the importance of getting the organisation and staff to understand the importance of Risk.


Note and endorse the proposed approach to risk and the board assurance

including the milestone plan.

5.2 Model Standing Orders and Standing Financial Instructions

CD confirmed that these have been approved at the DHCW SHA Board meeting on the 1st April 2021.

The Standing Orders (SO’s) which were approved at the DHCW SHA Board meeting did not have a finalised Terms of Reference, the updated documents will be presented for approval at the Board on the 27th May 2021.

COL advised the Standing Financial Instructions (SFI’s) are there as a rulebook although there will be review during the year to ensure compliance and validation.

Noted None

15/17 15/284

Fuller,Sophie

06/29/2021 12:39:32



Note the changes made to the Standing Orders and Standing Financial Instructions.

5.3 Financial Control Procedures

The Chair invited Mark Cox (MC), the Deputy Director of Finance to present the financial control procedures for approval.

MC noted for the Committee that DHCW have worked with partner organisations including Health Education and Improvement Wales (HEIW) to ensure the Financial Control Procedures (FCP’s) for DHCW are modelled on live procedures within other organisations. Work is ongoing with the Finance Academy and the All Wales Governance Group to ensure best practice across the NHS Wales family and any procedures that are reviewed and updated will be presented back to the Audit and Assurance Committee for approval.

Item 5.3ii highlights the procedure for recovery for overpayments to staff. This is setting out the roles and responsibilities for Payroll, workforce and Finance to ensure procedures are in place for ensuring as much preventative action can be taken to mitigate the risk of this happening. MC confirmed that any write offs in relation to overpayments would be presented to the Committee for approval.

MC highlighted to the Committee item 5.3iii the procedure relating to the Integrity and Control of Financial System. This ensure adequate controls around the Oracle financial system, the Financial Accountant who is in charge of monitoring the system will undertake a quarterly audit with any issues being reported to the Audit Committee.

Item 5.3v reference the procedures for Month End Closure and Monitoring Returns for submission to Welsh Government. The reporting requirements have recently been expanded to include the Trace, Track and Protect and mass immunisation financial profiles.

Item 5.3viii outlines the procedure for Accounts Receivable which outlined how income and invoices are generated. As part of the process it is a requirement to chase debt, in some circumstances there will be unrecoverable debt, in that instance it will brought to the Committee for approval.

MC outlined the next steps for finance in DHCW, which will be to ensure all processes and procedures are in line with the FCP’s and the Committee is assured that the appropriate levels of financial control are in place and demonstrable.

The Chair reiterated linking counter fraud and the Financial Control Procedures will be important moving forward.

Approved

16/17 16/284

Fuller,Sophie

06/29/2021 12:39:32



Approve the Financial Control Procedures.

6 OTHER ITEMS

6.1 Items for Chair’s Report to Board

The Chair noted the approved, endorsed and discussed items to be included in the Chair’s report for Board.

Discussed None

6.2 Any other Urgent Business

None to note.Noted None

6.3 Date and Time of Next Meeting: 6th July 2021 Noted None

17/17 17/284

Fuller,Sophie

06/29/2021 12:39:32

100521-DHCW-AA-MDA-d01 1 Amanda Murray

11:30 to 12:00 11/05/21

Teams Call

Chair Marian Wyn Jones

Members Present Title Organisation

Marian Wyn Jones MWJ Independent Member, Chair of the Audit and Assurance Committee

DHCW

Grace Quantock GQ Independent Member, Vice Chair of the Audit and Assurance Committee

DHCW

David Selway DS Independent Member DHCW

Attendees Title Organisation

Claire Osmundsen-Little COL Executive Director of Finance DHCW

Carwyn Lloyd-Jones CLJ Director of Information and Communication Technology

DHCW

Chris Darling CD Board Secretary DHCW

Julie Ash JA Head of Corporate Services DHCW

Jamie Graham JG Acting Head of Cyber Security and Infrastructure Operations Manager

DHCW

Amanda Murray AM Secretariat DHCW

Dave Thomas DT Audit Director Audit Wales

Darren Griffiths DG Audit Manager Audit Wales

James Quance JQ Head of Internal Audit NWSSP Internal Audit

Martyn Lewis ML IT Audit Manager NWSSP Internal Audit

MINUTES, DECISIONS & ACTIONS TO BE TAKEN

AUDIT AND ASSURANCE COMMITTEE - PRIVATE

1/3 18/284

Fuller,Sophie

06/29/2021 12:39:32


Simon Cookson SC Director of Audit & Assurance NWSSP Internal Audit

Nigel Price NP Local Counter Fraud Specialist Counter Fraud

Apologies Title Organisation

Ruth Glazzard RG Independent Member, Vice Chair of the DHCW SHA Board

DHCW

Acronyms

DHCW Digital Health and Care Wales NWIS NHS Wales Informatics Service

SHA Special Health Authority SIEM Security Incident and Event Management

Item No Item Outcome Action

1 PRELIMINARY MATTERS

1.1 Welcome and introductions

The Chair welcomed everyone to the first private session of the Audit and Assurance Committee. The Digital Health and Care Wales (DHCW) Board and Committees are committed to conduct as much formal business in public to ensure openness and transparency. However, on occasions where discussions relating to confidential matters are required, the Chair (advised by the Board Secretary where appropriate) will call a private meeting of the Committee to receive specific items. Items of a sensitive nature have been identified and included for this private session.

Noted None

1.2 Apologies for Absence

It was noted that Ruth Glazzard (Independent Member) has tendered her apologies.

Noted None

1.3 Declarations of Interest

There were no declarations of Interest received

Noted None

2 MAIN AGENDA -

2.1 Cyber Security Internal Audit Report

The Chair invited James Quance (JQ) and Martyn Lewis (ML) to present the item.

JQ led, stating that Cyber Security continues to be a significant risk for all NHS bodies and will therefore, remain

Received for assurance

None

2/3 19/284

Fuller,Sophie

06/29/2021 12:39:32


part of the audit work with DHCW moving forward and would be revisited regularly to provide assurance to the Committee.

ML presented the Cyber Security follow up report. There were two findings highlighted, Which CL-J confirmed were being taken forward.

The Chair was pleased to receive the substantial assurance outcome from the audit and noted the examples of good practice highlighted in the report.


Receive the report for assurance.

2.2 Corporate Risk Register – Cyber Security Risks

The Chair invited Carwyn Lloyd-Jones (CLJ) to present the corporate risks related to Cyber Security, five were presented to the Committee. CL-J talked through the risks including their current status and the mitigating action undertaken to date to reduce the risk and where further action is required. A number of questions were taken and responded to by CL-J.

D Thomas advised for the Committees awareness the Auditor General produced reports including a Cyber Security Report and advised the Committee that these back reports would be made available to DHCW and could be considered at a future Committee meeting in private.

ACTION – 20210511 – A09: CD and MWJ would liaise with Chair of Digital Safety Committee to agree the Cyber Security items that would come to the Audit and Assurance Committee.


Note the contents of the Corporate Risk Register – Cyber Security Risks Report.

Noted CD and MWJ would liaise with Chair of Digital Safety Committee to ascertain whether the Cyber Security items would come to the Audit and Assurance Committee.

3 CLOSING MATTERS

3.1 Items for Chair’s Report to Board

Note the items received in the private session for inclusion in the report to Board.

Discussed None

3.2 Date and Time of Next Meeting: 6th July 2021

Meeting closed at 12.10

Noted None

3/3 20/284

Fuller,Sophie

06/29/2021 12:39:32

ReferenceDate ofMeeting Action/Decision Detail Action Lead Due Date Status/Outcome Narrative Status Revised Action Revised due date Session Type

20210511–A01 11.05.2021Arrange a meeting with GQ, COL, SC, CD and JA to share approaches and learningson RAG ratings. Chris Darling (DHCW – Board Secretary) 06.07.2021

20/06/21 GQ to share information with thegroup and a follow up meeting to be arranged. Underway Public

20210511–A02 11.05.2021Executive team to select a champion for counter fraud to lead internally for theorganisation. Claire Osmundsen-Little (DHCW – Director of Finance) 06.07.2021

21/06/21 Rachael Powell has been nominatedas the Counter Fraud Champion for theorganisation. Complete Public

20210511–A03 11.05.2021JA will ensure the Covid-19 SOP to ensure the requirements for wheelchair usersare explicitly outlined. Julie Ash (DHCW - Corporate Services) 06.07.2021 SOP-CS-037 has been updated Complete Public

20210511–A04 11.05.2021COL and CD to work on the Corporate Risk Register to develop the DHCWapproach for the next meeting. Chris Darling (DHCW – Board Secretary) 06.07.2021

21/06/21 CD has worked with colleagues toreword Corporate Risks in order to follow astructured composition showing impact of riskwithin the description. Underway Public

20210511–A05 11.05.2021Update on the progress of the Welsh Language Scheme creation to be reported tothe July Committee Carwyn Lloyd-Jones (DHCW – Director of ICT) 06.07.2021 Included in Committee pack Complete Public

20210511–A06 11.05.2021 The Declarations of Interest register will be presented to the July Committee. Sophie Fuller (DHCW - Professional Development) 06.07.2021 Included in Committee pack Complete Public

20210511–A07 11.05.2021Update the Estates Compliance Report to include a cover paper / ExecutiveSummary Julie Ash (DHCW - Corporate Services) 06.07.2021

Cover report has been revised for July 2021meeting Complete Public

20210511–A08 11.05.2021Include the progress update on the Cyber Resilience Unit performance within theQuality and Regulatory Report. Konrad Kujawinski (DHCW - Service Management) 06.07.2021

29/06/21 KK has included a Cyber ResilienceUnit report as part of the reporting to thePrivate part of the Committee Complete Public

20210511–A09 11.05.2021CD and MWJ would liaise with Chair of Digital Safety Committee to agree the CyberSecurity items that would come to Audit and Assurance. Chris Darling (DHCW – Board Secretary) 06.07.2021

28/06/21 All Cyber secutiry items will be takenin Priavte by both Committees with the Auditand Assurance Committee reviewing CorporateCyber Risks at least every other meeting. Complete Private

1/1 21/284

Fuller,Sophie

06/29/2021 12:39:32

Digital Health and Care Wales Audit and Assurance Committee Work Programme

Meeting Date

Standing Items and any additional items

Governance Finance Internal Audit External Audit Counter Fraud

Quality Estates, Environment, H&S (placeholder)

6th July 2021

Welcome and Introductions

Minutes Declarations of

interest Action log Review of risk

register relevant to committee

Forward Work Programme

Committee Highlight Report to Board

Audit Tracker

Board Assurance Framework

Risk Assurance Report

Declarations of Interest, Gifts and Hospitalities Report

Welsh Language Scheme Update

Losses and special payments report

Procurements and scheme of delegation report

Internal Audit Progress Report

Internal Audit reviews

ICT Advisory Report

Audit and Assurance Committee updates

Audit Wales review reports

Local Counter Fraud Update Report

Quality and Regulatory Compliance Report

Estates Report

5th October 2021





Risk and Board Assurance Report






Welsh Language Standards Advisory Report



Audit Wales Structured Assessment



Estates Report

1/3 22/284

Fuller,Sophie

06/29/2021 12:39:32



Audit Tracker

Welsh Language Scheme

4th January 2021







Audit Tracker











Estates Report

5th April Welcome and Introductions















Estates Report

2/3 23/284

Fuller,Sophie

06/29/2021 12:39:32


Audit Tracker

3/3 24/284

Fuller,Sophie

06/29/2021 12:39:32

TŶ GLAN-YR-AFON 21 Heol Ddwyreiniol Y Bont-Faen, Caerdydd CF11 9AD

TŶ GLAN-YR-AFON 21 Cowbridge Road East, Cardiff CF11 9AD

Agenda Item

3.1

Name of Meeting Audit and Assurance Committee

Date of Meeting 6 July 2021

Public or Private Public

IF PRIVATE: please indicate reason

N/A

Executive Sponsor Chris Darling, Board Secretary

Prepared By James Quance, Head of Internal Audit

Presented By James Quance, Head of Internal Audit

Purpose of the Report For Assurance

Recommendation

The Committee is asked to:Note the Internal Audit Progress Report.

DIGITAL HEALTH AND CARE WALESINTERNAL AUDIT PROGRESS REPORT 2021/22

NWSSP AUDIT & ASSURANCE SERVICES

1/3 25/284

Fuller,Sophie

06/29/2021 12:39:32

of 3 Author: [INSERT]

Approver: [INSERT]INTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

TEM

-AG-

v7Ef

f-DT-

27/0

1/16

Acronyms

DHCW Digital Health and Care Wales IA Internal Audit

1 SITUATION/BACKGROUND

1.1 This document sets out the progress with the Internal Audit Plan for 2021/22 (the Plan) for Digital Health and Care Wales (DHCW) detailing the audits to be undertaken and the status of each of them. This is a standard format report that will be provided to every meeting of the Audit Committee.

2 SPECIFIC MATTERS FOR CONSIDERATION BY THIS MEETING (ASSESSMENT)

2.1 The Committee is asked to note the Progress Report.

3 KEY RISKS/MATTERS FOR ESCALATION TO BOARD/COMMITTEE

3.1 The Committee provides assurance to the Board that an appropriate Internal Audit programme is in place for the year and is being delivered in accordance with required quality standards.

3.2 The report contains the current status as well as the anticipated meeting dates that the Audit Committee can expect to receive each report based upon current best knowledge. This may be subject to change if circumstances dictate but it is useful to set out expectations.

4 RECOMMENDATIONThe Committee is asked to note the Internal Audit Progress Report.

5 IMPACT ASSESSMENT

WELL-BEING OF FUTURE GENERATIONS ACT A resilient Wales

If more than one standard applies, please list below:

STRATEGIC OBJECTIVE Delivering High Quality Digital Services

CORPORATE RISK (ref if appropriate) The Plan covers corporate risks where appropriate

2/3 26/284

Fuller,Sophie

06/29/2021 12:39:32



TEM

-AG-

v7Ef

f-DT-

27/0

1/16

DHCW QUALITY STANDARDS N/A


HEALTH CARE STANDARD Governance, leadership and acccountability


Due to the nature of Internal Audit coverage all standards are applicable.

EQUALITY IMPACT ASSESSMENT STATEMENT Date of submission:

No, (detail included below as to reasoning) Outcome:Statement:Not required.

APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEChris Darling 21 June 2021 Agreed

IMPACT ASSESSMENT

No, there are no specific quality and safety implications related to the activity outlined in this report.

QUALITY AND SAFETY IMPLICATIONS/IMPACT

No, there are no specific legal implications related to the activity outlined in this report.

LEGAL IMPLICATIONS/IMPACT

No, there are no specific financial implication related to the activity outlined in this report

FINANCIAL IMPLICATION/IMPACT

No, there is no direct impact on resources as a result of the activity outlined in this report.

WORKFORCE IMPLICATION/IMPACT

No. there are no specific socio-economic implications related to the activity outlined in this report

SOCIO ECONOMIC IMPLICATION/IMPACT

3/3 27/284

Fuller,Sophie

06/29/2021 12:39:32


Audit Committee

July 2021

Digital Health and Care Wales

NWSSP Audit and Assurance Services

1/4 28/284

Fuller,Sophie

06/29/2021 12:39:32


June 2021

NWSSP Audit and Assurance Services 2

Contents

1. Introduction 3

2. Progress against the 2021/22 Internal Audit Plan 3

3. Other Activity 3

4. Recommendation 3

Appendix A: Progress against 2021/22 Internal Audit Plan 4

2/4 29/284

Fuller,Sophie

06/29/2021 12:39:32


June 2021


1. Introduction

The purpose of this report is to:

• highlight progress of the 2021/22 Internal Audit Plan for Digital Health and

Care Wales (DHCW) at 21st June 2021 to the Audit Committee; and

• provide an overview of other activity undertaken since the previous meeting.

2. Progress against the 2021/22 Internal Audit Plan

There are 13 individual reviews in the 2021/22 Internal Audit Plan, a further two

which are undertaken at NWSSP and provision for follow-up work.

We have commenced planning for a number of reviews and two are work in progress

at the time of this report. Detailed progress in respect of each of the reviews in the

2021/22 Internal Audit Plan is summarised in Appendix A.

We highlighted at the May meeting of the Audit Committee that the Internal Audit

Plan contained a large number of audits scheduled towards the end of the financial year. This was largely to ensure that management have sufficient time to embed

governance, risk management and control processes in the first year of operation

of DHCW prior to audit.

We have discussed the opportunity to undertake some of these audits earlier with the Board Secretary and we will continue to work together to bring work forward

where possible. The table in Appendix A will evolve to provide the Audit Committee with the anticipated meeting date that it can expect to receive each

report.

3. Other Activity

The following meetings have been held/attended during the reporting period:

• monthly meetings between the Head of Internal Audit and Board Secretary;

• Audit Committee pre-meeting with the Audit Committee Chair;

• induction meetings with the Chair and Chief Executive;

• audit scoping meetings; and

• liaison with senior management.

We have also agreed to support the Board Development session with Audit Wales

to provide an overview of our service to Board members.

We have also produced a summary report of IM&T Control & Risk Assessment advisory reviews that were undertaken at all health boards and two Trusts during

2021/22.

4. Recommendation

The Audit Committee is invited to note the above.

3/4 30/284

Fuller,Sophie

06/29/2021 12:39:32

Internal Audit Progress Report Appendix A


Appendix A: Progress against 2021/22 Internal Audit Plan

1 May be subject to change

Review Status Rating Summary of recommendations Anticipated Audit

Committee1

Corporate

Transitional Plan

Work in

progress Next meeting

Data Analytics Work in

progress Next meeting

Project Assurance Planning Next meeting

System Assurance Planning Next meeting

System Development Planning TBC

Workforce Review Not

started

TBC

Directorate/Service

Review

Not

started

TBC

Core Financial

Systems

Not

started

TBC

Assurance & Risk

Management

Not

started

TBC

Strategic Planning Not

started

TBC

Performance

Management

Not

started TBC

Governance

Arrangements

Not

started TBC

Data Centre Not

started TBC

Follow-up Not

started TBC

Reviews at other bodies (undertaken within NWSSP Plan)

Purchase to Pay Not

started TBC

Payroll Planning TBC

4/4 31/284

Fuller,Sophie

06/29/2021 12:39:32



Acronyms

Agenda Item

3.2





N/A


Prepared By James Quance, Head of Internal Audit

Presented By Martyn Lewis, IT Audit Manager


Recommendation

The Committee is asked to note the report.

DIGITAL HEALTH AND CARE WALESIM&T CONTROL AND RISK ASSESSMENTS –

ADVISORY REVIEWSNWSSP AUDIT & ASSURANCE SERVICES

1/3 32/284

Fuller,Sophie

06/29/2021 12:39:32



TEM

-AG-

v7Ef

f-DT-

27/0

1/16

IM&T Information Management and Technology


1.1 Audit & Assurance Services undertook IM&T Control and Risk Assessments at all health boards and two NHS Trusts in 2020/21. The key objective of these advisory reviews was to establish the processes and mechanisms in place for the management of IM&T and Digital services within the organisations. The reviews sought to provide a baseline picture of the organisation’s status and provide suggestions for areas of improvement or future development.

1.2 Each organisation has received an advisory report which contains considerations for the future that are specific to its circumstances. This summary report seeks to identify common themes and development areas.


2.1 The Committee is asked to note the content of the report as useful background and context to arrangements in the NHS Wales organisations covered in the reviews.


3.1 Any matters for escalation to the Board to be determined by the Committee following consideration of the report.

4 RECOMMENDATIONThe Committee is asked to note the IM&T Advisory report, as item 3.2i.

5 IMPACT ASSESSMENT




CORPORATE RISK (ref if appropriate)

2/3 33/284

Fuller,Sophie

06/29/2021 12:39:32



TEM

-AG-

v7Ef

f-DT-

27/0

1/16






No, (detail included below as to reasoning) Outcome:Statement:Not required.

APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEBoard Secretaries Group June 2021 Agreed

IMPACT ASSESSMENT











3/3 34/284

Fuller,Sophie

06/29/2021 12:39:32

All-Wales Summary Report

IM&T Control and Risk Assessments -

Advisory Reviews

NWSSP Audit and Assurance Services

May 2021

1/16 35/284

Fuller,Sophie

06/29/2021 12:39:32

IM&T Control and Risk Assessments: All Wales Summary Report May 2021


Contents

1. Introduction 3

2. Summary of Consistent Messages 5

3. Control Areas Considered 14

4. Good Practice Examples 15

Review reference All-Wales Summary

Report status Final

Final report issued May 2021

Audit and Assurance Services conform with all Public Sector Internal Audit Standards as

validated through the external quality assessment undertaken by the Institute of

Internal Auditors

Disclaimer notice - please note

This report has been prepared for internal use only. Audit & Assurance Services reports are prepared, in

accordance with the Service Strategy and Terms of Reference, approved by Audit Committees. Advisory

review reports are prepared by the staff of the NHS Wales Shared Services Partnership – Audit and

Assurance Services, and addressed to Independent Members or officers including those designated as

Accountable Officer. They are prepared for the sole use of the organisations referred to herein and no

responsibility is taken by the Audit and Assurance Services Internal Auditors to any director or officer in

their individual capacity, or to any third party.

2/16 36/284

Fuller,Sophie

06/29/2021 12:39:32



1. Introduction

During 2020/21 we completed baseline reviews of the arrangements in place for the management and control of Information Governance (IG) and Information

Communications Technology (ICT) at nine NHS Wales organisations (‘the

organisations’). The organisations reviewed were:

• Aneurin Bevan University Health Board

• Betsi Cadwaladr University Health Board

• Cardiff and Vale University Health Board

• Cwm Taf Morgannwg University Health Board

• Hywel Dda University Health Board

• Powys Teaching Health Board

• Swansea Bay University Health Board

• Velindre University NHS Trust

• Welsh Ambulance Service NHS Trust.

The key objective of the reviews was to establish the processes and mechanisms in place for the management of IM&T and Digital services within the organisations. The

reviews sought to provide a baseline picture of the organisation’s status and provide

suggestions for areas of improvement or future development.

It should be noted that the reviews considered the position in each organisation as a whole and were not restricted to the activities and status within the IM&T department.

Furthermore, there are multiple names in place for the central IM&T function, so for the purpose of this report we have used IM&T to refer to the functions of this

department.

The areas considered within the reviews were:

Information Governance

• The information governance process in place.

• IG policies and procedures in place.

ICT and Security

• ICT responsibilities are clear.

• ICT strategy linked to organisational strategy.

• The ICT governance process in place.

• The funding / resource available for ICT and its sustainability.

• IT security policies and procedures.

• ICT provision and support arrangements across the organisation.

• IT continuity and disaster recovery processes.

3/16 37/284

Fuller,Sophie

06/29/2021 12:39:32



• Compliance against obligations (e.g. GDPR, NIST, PCI DSS etc.)

• The process to track ICT assets.

• IG / ICT risk identification and management.

We used the expected controls derived from the Control Objectives for Information and

Related Technologies (COBIT) 2019 framework for this review and we have reported

using the subheadings of these control processes for governing organisational IT.

COBIT is an IT management framework developed by the Information Systems Audit and Control Association (ISACA) to help organisations develop, organise, and

implement strategies around information management and governance.

Each organisation has received an advisory report which contains considerations for the

future that are specific to its circumstances. This summary report seeks to identify

common themes and development areas.

The sections that follow summarise the following:

• consistent messages from the reviews; and

• examples of good practice.

4/16 38/284

Fuller,Sophie

06/29/2021 12:39:32



2. Summary of Consistent Messages

2.1 Overall position

As part of our assessment we scored the individual controls in place at each organisation against the controls we would expect to be in place under each of the

headings of the framework. These anonymised scores are provided below and have been represented graphically below to illustrate the strengths and potential for

improvement in the organisation’s management of Informatics and digital services.

Control Area/Organisation

1 2 3 4 5 6 7 8 9 Average


100% 97% 94% 100% 83% 100% 100% 81% 94% 94%

Ensured Governance Framework Setting and Maintenance

61% 78% 72% 78% 67% 83% 50% 64% 74% 70%

Managed Compliance with External Requirements

50% 50% 55% 66% 60% 64% 64% 50% 64% 58%

Ensured Risk Optimization

100% 100% 89% 100% 100% 100% 100% 100% 100% 99%

Managed Risk 83% 83% 83% 83% 67% 82% 82% 78% 100% 82%

Managed I&T Management Framework

72% 72% 73% 79% 84% 80% 76% 66% 77% 75%

Managed Strategy 44% 43% 21% 78% 80% 39% 70% 60% 63% 55%

Managed Budget and Cost

74% 79% 79% 74% 74% 74% 74% 74% 68% 74%

Managed Human Resources

62% 29% 47% 35% 67% 53% 67% 29% 60% 50%

Managed Security 50% 64% 61% 75% 43% 64% 79% 36% 36% 56%

Managed Security Services

77% 74% 71% 84% 63% 80% 77% 78% 87% 77%

Managed Assets 67% 81% 52% 100% 72% 76% 76% 64% 88% 75%

Managed Operations 83% 78% 72% 86% 89% 94% 83% 89% 50% 80%

Managed Continuity 79% 31% 32% 66% 71% 79% 55% 52% 62% 59%

Managed Projects 79% 79% 71% 86% 62% 69% 77% 77% 38% 71%

5/16 39/284

Fuller,Sophie

06/29/2021 12:39:32



We note that in general, the position across all the organisations is a consistent one with many areas of commonality in approach to the control environment. Where there

are differences, we note that this largely reflects the different levels of funding and resource provided to a particular area within a particular organisation. These

differences in resource are due to the decisions being made on priorities within

organisations.

2.2 Information Governance

There are established processes for Information Governance (IG) at all the

organisations, with key strategic responsibilities, such as Senior Information Risk

Owner (SIRO) and Caldicott guardian, assigned to appropriate officers.

All Organisations have an IG team in place to support the organisation as a whole.

Suites of IG control documents are in place to support the IG agenda, with these being

available on the intranet, and forming part of induction and organisational training.

IG issues are monitored via Committees, in many cases there are divisional or departmental IG groups underneath this, with local leads for IG which ensures IG is

embedded within the organisation.

All of the organisations have a publication scheme in place, along with a disclosure log

and an Information Asset Register.

We did not consistently identify any areas for consideration for the future, although we

do note that the level of resource available for the IG teams does vary, and in some cases may need to be considered in the context of the level of support needed across

the organisation.

2.3 Ensured Governance Framework Setting and Maintenance

There are formal governance structures in place for IM&T and digital services within

Information GovernanceEnsured Governance

Framework Setting and…

Managed Compliance withExternal Requirements

Ensured Risk Optimization

Managed Risk

Managed I&T ManagementFramework

Managed Strategy

Managed Budget and CostManaged Human Resources

Managed Security

Managed Security Services

Managed Assets

Managed Operations

Managed Continuity

Managed Projects

Average of Scores

6/16 40/284

Fuller,Sophie

06/29/2021 12:39:32



each organisation. There are defined Committees to oversee the governance

arrangements with appropriate committee work plans which include annual reviews of

committee effectiveness.

In some cases there is a level of devolved control over IM&T across organisations, and

these areas do not always directly feed into the defined Committee structure which

reduces the ability of the Committees to fully discharge their responsibilities.

Our internal audit work includes IM&T / Digital. Our reports and the outcomes from our

work is monitored both by Committees, including the Audit Committee and the relevant

IM&T Committee.

We consistently identified the following area for consideration for the future:

• Ensuring that areas with devolved or delegated responsibility for their IM&T are

part of the defined governance structure for IM&T within the organisation.

2.4 Managed Compliance with External Requirements

The policies in place at each organisation are aligned to compliance requirements as

they refer to relevant legislation or standards, and are reviewed periodically or when

there is a significant compliance change.

The relevant committee in each organisation has a remit to gain assurance for the

Board over compliance against relevant legislation, which is set out in the terms of

reference of each committee.

We note a particular item of good practice identified within one organisation, in the

production of an annual Senior Information Risk Officer (SIRO) report which includes

consideration of compliance.

There is identification and monitoring of some of these compliance requirements, in

particular the information governance related items through the Committee. However,

we note that Committees do not have a complete record of what compliance

requirements apply to IM&T within their organisation and so cannot be fully aware of

the assurance they need to seek, or how well their organisations are doing.


• An identification of the full compliance requirements relating to IM&T across the

organisations should be undertaken in order to develop an associated assurance

process.

2.5 Ensured Risk Optimization

The risk management processes for IM&T are mature. There are organisational Risk

Management Strategies in place. These are supported by a formally defined active risk management process which includes a structure for escalation via the Audit or other

relevant Committee.

IM&T risks are monitored with a clear escalation from the IM&T departments to the relevant Committees and management groups, with the greatest risks included on the

organisational risk registers. We note that the maturity of the process does mean that risks are managed within

7/16 41/284

Fuller,Sophie

06/29/2021 12:39:32



lower levels according to the defined processes, however this does mean that executive

and independent members may be unsighted on those risks that have a low likelihood

or total residual score, yet have catastrophic consequences.


• Consideration of establishing a process for periodic reporting of all risks with a severe consequence to the relevant committee to ensure that Board members

are aware of the worst-case scenarios.

2.6 Managed Risk

As noted above, the risk management process works to ensure that executives and independent members are informed of the risks with the highest score.

There is a process for including risks within business cases and risks are considered as part of strategic decisions.

Each organisation ensures the identification and collation of IM&T related risks within a consistent risk register format. The impacts of risks are assessed and actions are

defined to manage the risk within the accepted tolerance levels for the organisation. However, we noted that although there are processes in place to manage issues and

incidents as they occur within organisations, in many cases the link between this process and the risk management process was not fully defined. This may impact on

the rapid recording and global treatment of any underlying risks


• Ensuring that the incident and issue management processes within IM&T is linked

to the risk management process, to ensure that underlying risks to incidents are

identified and included on departmental risk registers.

2.7 IM&T Management Framework

There are formal structures in place within the Informatics or IM&T Directorates and

we note that in many cases these have been, or are being, reviewed and restructured to better fit the organisations and better enable delivery of the Digital Strategies. As

part of this review work the roles and mandates of the departments within the

Directorates are being re-defined.

The placement and scope of the IM&T function has in many cases grown organically from a historical position. We note that in some cases the model for IM&T delivery and

support, whether centralised or not, has also been considered as part of the restructure

work along with the context and placement of IM&T.

We note that in some cases there are steering type groups in place with stakeholder

involvement to oversee and focus digital work and ensure that IM&T is aligned to the

needs of stakeholders.

There are management frameworks in the IM&T Directorates with regular meetings of the senior team occurring which allow for tracking and management of performance

and progress tasks.

Roles and responsibilities for IM&T Directorates functions are made clear via job

descriptions and there is consideration of cover needs and succession planning in the

8/16 42/284

Fuller,Sophie

06/29/2021 12:39:32



operation of the departments in order to minimise the potential disruption in the event

of staff loss.

Policies, procedures and guidelines are in place within all organisations for IM&T related

items, these are subject to regular review and there is usually a webpage for these.

We consistently identified the following areas for consideration for the future:

• Ensure that a process is established to ensure consistency of decisions made for

IM&T and alignment within the organisation as a whole where there is a devolved

level of control over IM&T.

• Ensuring that there is consistency in the application of IM&T policies and guidance where there is devolved control over IM&T. We suggest that in these cases the

IM&T function should develop the guidance which should be applicable to all areas

of the organisations.

• Ensuring that the positioning and role of the IM&T function and the level of support provided within these and within devolved areas is appropriate and

consistent with the implementation of Digital Strategies.

2.8 Managed Strategy

We note that in general there is a Digital Strategy in place within each organisation, and in many cases a review or update position has also been produced. Digital

Strategies are explicitly linked to the organisational strategies and set out the high-

level objectives for delivery. In addition, the organisations’ IMTPs invariably includes a digital section that defines the strategic priorities for IM&T. We do note that in a small

number of cases there is no current Digital Strategy and only the IMTP is providing this

strategic aim for IM&T.

The content of the Digital Strategies differs between the organisations but in most cases they include some baselining of the current strategic position with respect to IM&T,

explain the need for change and include a high level indication of the changes needed

in terms of service, processes, governance and structure.

In general we note that Digital Strategies are available on organisational websites and there has been some communication of the Strategies and the aims. The delivery

process for the Digital Strategies are enabled by the presence of champions for the Digital Strategies, namely the Assistant Directors for Informatics and Clinical Leads for

Information.


• Ensuring that a full baseline of the current strategic position is undertaken, along

with an assessment of digital maturity across key dimensions such as the ‘ability of leadership to leverage technology’, the ‘level of accepted technology risk’, or

the ‘approach to innovation’, ‘culture’ and ‘knowledge level of users’. This will better enable organisations to identify barriers to the implementation of their

Digital Strategies.

• Ensuring that supporting items to Digital Strategy implementation are considered

such as the governance structures needed to oversee and implement the digital

9/16 43/284

Fuller,Sophie

06/29/2021 12:39:32



strategy, reference standards, IM&T capabilities, comparative benchmarks of

good practice, and emerging IM&T service provision.

• Ensuring that single, full prioritised roadmaps for the delivery of Digital Strategies

are developed that identify resource requirements, overlaps and synergies

between projects.

• Ensuring that the communication of Digital Strategies and the aims of these are

refreshed, and a network of champions is developed that can act as a “pull” and take a lead within their department to ensure the embedding of the Digital

Strategies in order to gain traction.

2.9 Managed Budget and Cost

Organisations ensure that prioritisation of capital expenditure is against business cases

or equivalent bids to ensure the appropriate benefits and strategic fit.

Funding is in place for IM&T, both revenue and capital, and there are defined IM&T directorate budgets with good performance monitoring processes and variance

analysis.

However, for some organisations, due to the devolved nature of some systems, the

total expenditure on IM&T for the organisation is difficult to establish. As such, the organisation cannot fully contextualise its IM&T expenditure and benchmark against

good practice.

We note that in most cases the IM&T budgets do not fully reflect the needs of the organisation for ongoing support and maintenance of IM&T and delivery of the Digital

Strategies. Funding for strategic development in particular is unstable, and reliant on individual business case approval and end of year monies. This structural instability in

funding makes it difficult for IM&T departments to effectively plan and may delay the

implementation of Digital Strategies.


• Ensure that the funded budget for IM&T fully reflects the organisation’s

requirements, and that when funding is not fully provided the impact of this on

the delivery of the Digital Strategies is understood and made explicit.

2.10 Managed Human Resources

As noted previously, in many cases the IM&T Directorate has been, or is currently being

reviewed, with the intent to restructure to better fit the needs of the organisation, and

new roles have been identified as part of this process.

IM&T Directorates contain staff who are qualified in various IT skills and training is

provided for IM&T Directorate staff, with training needs identified via the PADR process

and provided within funding limits.

We note that in many cases there has been some assessment of the skills held within the IM&T Directorates, what skills are required in order to support IM&T across the

organisation and to deliver the Digital Strategy and the associated skills gap. However, this process is incomplete overall, or for some organisations has not been started. As

such, organisations are not fully aware of the level of skills currently in place and what

10/16 44/284

Fuller,Sophie

06/29/2021 12:39:32



skills are needed for successful implementation of Digital Strategies. This means that

work to complete structured staff development plans to reduce skills and resource gaps

has not been completed, and this will result in a barrier to Strategy delivery.

In terms of IT related skills within the wider organisations, the Digital Strategies

consider this and some explicitly link to the risks associated with digital exclusion. There are training sessions provided on IT issues across organisations, and there are various

help guides available to staff.


• Ensure that an assessment of the skills and resource levels required to support IM&T and deliver the Digital Strategies is completed. This should be matched to

an assessment of the current skills in place and a structured staffing development

plan produced in order to close the gaps.

2.11 Managed Security

Nearly all organisations have invested in cyber security, with additional resource

provided and cyber security teams established that work to improve the organisation’s position.

There is guidance and training available for cyber security, with alerts and communications issued periodically to all staff. The All Wales training module on cyber

security is available to all staff, however we note that this is not mandatory for all staff

in most organisations.

There is a Security Information and Event Management System (SIEM) in place at each

organisation, although the level of progress with implementing this varies. This enables active monitoring of cyber security within organisations and provides alerts and

warnings.

We note that there is some level of reporting of cyber security within each organisation,

and this varies in content and detail. Risks associated with cyber security are included on risk registers and updates are provided to Committee in relation to this. The

reporting structures at present are not mature enough to have developed a suite of cyber security KPIs which allow an organisation to easily represent its current status

and demonstrate improvements over time.


• Ensure the development and reporting of cyber security KPIs which fully track

the status of cyber security.

• Consider defining the All Wales cyber security module as a mandatory training

requirement for all staff.

2.12 Managed Security Services

Systems for antivirus protection, web and mail filtering have been deployed at all organisations. There has been increased collaboration with national cyber groups

including the NHS Wales Operational Security Service Management Board (OSSMB). Regular alerts are provided as part of this group which are then assessed and acted

upon locally.

11/16 45/284

Fuller,Sophie

06/29/2021 12:39:32



The network is governed by a standard NHS Wales code of connection. The Code of

Connection (CoCo) process is designed to ensure that appropriate levels of assurance

are provided for organisations requiring a connection to the NHS Wales Network.

There are processes in place to ensure that organisational networks are secured using

firewalls. We also note that segmentation is used to differing levels within each

organisation, and some organisations have moved towards device level authentication.

Vulnerability scanning and management, together with intrusion detection, is work in progress in all organisations and part of the cyber security work plans. However, we

note that in many cases this area is one where development has been hampered by a

lack of resource.

2.13 Managed Assets

The risk associated with older equipment is recorded on the risk registers and there is

a programme of replacement for IT assets, although we note that in nearly all cases this is not funded to a level that would ensure replacement within the manufacturer’s

guidelines. We note that each organisation has some kind of register to record ICT assets, however

we further note that these are sometimes incomplete or out of date. In addition, these records do not always include the configuration status of assets.

There are processes in place within each organisation for patching and updating IT

equipment, and this process allows for sensitive servers to be patched later to avoid update faults, although we note that in many cases this is not set out in a formal

procedure document. Each organisation has a process in place to allow for the secure disposal of IT equipment

that ensures data is kept secure and allows assets to be tracked to disposal.

2.14 Managed Operations

Within all organisations, risks to the operation of IM&T services are considered, with mitigations in place for the key risks such as fire and loss of power to servers.

Previous audit work across NHS Wales has noted that server rooms are kept secure and clear of waste. The main server rooms have air conditioning and there is a process

in place for monitoring the environment of the server rooms using equipment that ensures warnings are produced in the event of abnormal temperature, humidity or

smoke conditions. We note that designed architectures are resilient with the use of virtualisation which

minimises the risks associated with the loss of individual servers.

The main rooms have dual power supplies to ensure continuity, along with Uninterruptible Power Supply (UPS) in place for the servers with enough capacity to

ensure a full power load. Emergency generators are operational on each site and there

are regular tests of these.

2.15 Managed Continuity

As we note above IM&T departments have enacted resilient architectures using

virtualisation and multisite locations so threats to service loss have been managed down as much as possible.

There are organisational continuity policies in place, and business continuity plans for

12/16 46/284

Fuller,Sophie

06/29/2021 12:39:32



IM&T functions. There is also disaster recovery documentation within organisations

that allow for specific services to be recovered in the event of an outage. We note however, that in many cases the Disaster Recovery plans have been developed

in isolation and there is no guarantee that they would be sufficient in the event of a

large outage affecting multiple systems.

In addition, there is often a gap at the organisational level in that there is not always a

single continuity plan or statement which identifies the business critical activities. As such, there is no full assessment of potential disruptive scenarios, the mitigations put

in place for these and the residual potential impact of these over time. As a consequence, the level of continuity provided is defined by IM&T and the services may

not fully understand the current position, have not agreed the recovery time objective / recovery point objective (RTO / RPO) and not been provided with potential options

for enhanced continuity provision should the service feel it necessary.

Organisations understand the need for ensuring the backup of data and there are data

backup programs in place with backups tested for integrity.


• Consider the development of a holistic IM&T business continuity plan (BCP) which includes all services used within the organisation, identifies the business critical

services and provides an agreed level of continuity in terms of RTO / RPO.

2.16 Managed Projects

There are records of all IM&T projects underway and organisations understand the need

for good project governance. IT projects are run in accordance with PRINCE2 methodology and procedures, guidance and templates for project management are

place. The IM&T departments includes project managers with the appropriate

certification, and training is provided on project management to IM&T Department staff.

The overall objective of the review was to assess the adequacy of management

arrangements for the production of the Sustainability Report within the Annual Report.

The review focused on the 2019/20 Sustainability Report, as provided on the 12th June 2020, which will be published within the Annual Report. The scope of the audit review

was limited to the following aspects:

• The sustainability statement developed by the Health Board meets the

requirements of Welsh Government Guidance; and

• Completeness of data included within the Statement.

13/16 47/284

Fuller,Sophie

06/29/2021 12:39:32



3. Control Areas Considered

The control areas considered as part of our reviews are based on the Control Objectives

for Information and Related Technologies (COBIT) 2019 framework, and are as below:

• Information Governance;

• Ensured Governance Framework Setting and Maintenance;

• Managed Compliance with External Requirements;

• Ensured Risk Optimization;

• Managed Risk;

• Managed I&T Management Framework;

• Managed Strategy;

• Managed Budget and Cost;

• Managed Human Resources;

• Managed Security;

• Managed Security Services;

• Managed Assets;

• Managed Operations;

• Managed Continuity; and

• Managed Projects.

14/16 48/284

Fuller,Sophie

06/29/2021 12:39:32



4. Good Practice Examples

This section provides some examples of good practice based upon our work across the organisations. Please note that this is not an exhaustive list of good practice across the

nine organisations.

• The use of a SIRO report to summarise the position on an annual basis, and this

includes consideration of compliance.

• Where there is devolved control for IM&T, the use of processes to integrate

departments into the governance structure, with digital groups established within

services.

• The development of a strategy roadmap whereby the Digital Strategy is grouped

into programmes, and the specific projects and infrastructure items have been

identified to deliver the Digital Strategy.

• The development of a mechanism to ensure that the Digital Strategy and its aims are embedded within the organisation, with a network of monthly service digital

groups to enable the interface between digital services and the delivery service.

• The maintenance of a prioritised register for capital expenditure to ensure the

appropriate benefits and strategic fit for IM&T projects.

• An assessment of the resource levels required to support the organisation and

deliver the Digital Strategy, with subsequent IM&T directorate workforce planning

undertaken.

• The consideration of the IT skills across the wider organisation and patient groups

within the Digital Strategy and initiatives in place to minimise digital exclusion.

• The use of exercises which simulate a phishing attack to raise awareness of cyber

security and identify any particular areas of weakness.

• The development of a cyber-incident response plan.

• The development and maintenance of a configuration management database

(CMDB) for IT assets.

• The development of a continuity document that is focussed on service disaster recovery (DR), with services ranked according to priority to the organisation,

based on a business impact analysis and in discussion with departments, with

RTO / RPO being agreed.

15/16 49/284

Fuller,Sophie

06/29/2021 12:39:32



Office details:

Audit and Assurance Services

4-5 Charnwood Court Heol Billingsley Parc Nantgarw

Cardiff

CF15 7QZ

Contact details:

Simon Cookson, Director of Audit & Assurance – [email protected]

James Quance, Head of Internal Audit – [email protected]

16/16 50/284

Fuller,Sophie

06/29/2021 12:39:32

mailto:[email protected]




Agenda Item

3.3





N/A

Executive Sponsor Claire Osmundsen-Little, Executive Director of Finance

Prepared By Darren Griffiths, Audit Wales

Presented By Dave Thomas, Audit Wales


Recommendation

The Committee is being asked to Receive the report for assurance.

DIGITAL HEALTH AND CARE WALESAUDIT WALES UPDATE COVER REPORT

1/4 51/284

Fuller,Sophie

06/29/2021 12:39:32

Audit Wales Update Cover Report Page 2 of 4 Author: Darren Griffiths

Approver: Darren GriffithsINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

DHCW Digital Health and Care Wales AW Audit WalesEA External Audit


1.1 The paper at item 3.3i Appendix A provides an update on current and planned Audit Wales work at DHCW.

1.2 The report includes updates on financial audit work, performance audit work, details of good practice events and resources, and a list of NHS-related audit reports published by Audit Wales since September 2020.


2.1 With regard to financial audit, Audit Wales have commenced some audit planning procedures ahead of the main accounts audit work which will take place later in the year in preparation for the audit opinion due for publication around June 2022 in line with the national timetable.

2.2 With regard to performance audit, a baseline structured assessment will be undertaken during 2021 in line with the Auditor General’s duty to satisfy himself that DHCW has made proper arrangements for securing economy, efficiency, and effectiveness in its use of resources. The work will start in July 2021 with a view to presenting the findings to the Audit and Assurance Committee in October 2021.

2.3 In response to the COVID-19 pandemic, Audit Wales has established a COVID-19 Learning Project to share learning across the public sector during the pandemic. Further information about the COVID-19 Learning Project is available here.

2.4 Audit Wales has published a number of NHS-related reports since September 2020 which may be of interest to the DHCW Audit and Assurance Committee.


3.1 No matters for escalation to the Committee.

2/4 52/284

Fuller,Sophie

06/29/2021 12:39:32

https://audit.wales/our-work/covid-19



4 RECOMMENDATIONThe Committee is being asked to:Receive the report for assurance.

5 IMPACT ASSESSMENT


If more than one standard applies, please list below:A healthier Wales




If more than one standard applies, please list below:Effective Care

EQUALITY IMPACT ASSESSMENT STATEMENT Date of submission: N/A

No, (detail included below as to reasoning) Outcome: N/AStatement:Not required for this report.


CORPORATE RISK (ref if appropriate) The audit work will specifically cover corporate risks where appropriate

APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOME

3/4 53/284

Fuller,Sophie

06/29/2021 12:39:32



IMPACT ASSESSMENT











4/4 54/284

Fuller,Sophie

06/29/2021 12:39:32

https://gov.wales/socio-economic-duty-scrutiny-framework-html

Audit Committee Update – Digital Health and Care Wales

Date issued: June 2021

Document reference: 2458A2021-22

1/8 55/284

Fuller,Sophie

06/29/2021 12:39:32

This document has been prepared for the internal use of Digital Health and Care

Wales as part of work performed/to be performed in accordance with statutory

functions.

The Auditor General has a wide range of audit and related functions, including

auditing the accounts of Welsh NHS bodies, and reporting on the economy, efficiency,

and effectiveness with which those organisations have used their resources. The

Auditor General undertakes his work using staff and other resources provided by the

Wales Audit Office, which is a statutory board established for that purpose and to

monitor and advise the Auditor General.

Audit Wales is the non-statutory collective name for the Auditor General for Wales and

the Wales Audit Office, which are separate legal entities each with their own legal

functions as described above. Audit Wales is not a legal entity and itself does not have

any functions.

© Auditor General for Wales 2021. No liability is accepted by the Auditor General or

staff of the Wales Audit Office in relation to any member, director, officer or other

employee in their individual capacity, or to any third party, in respect of this report.

In the event of receiving a request for information to which this document may be

relevant, attention is drawn to the Code of Practice issued under section 45 of the

Freedom of Information Act 2000. The section 45 Code sets out the practice in the

handling of requests that is expected of public authorities, including consultation with

relevant third parties. In relation to this document, the Auditor General for Wales, the

Wales Audit Office and, where applicable, the appointed auditor are relevant third

parties. Any enquiries regarding disclosure or re-use of this document should be sent

to Audit Wales at [email protected].

2/8 56/284

Fuller,Sophie

06/29/2021 12:39:32


Contents

Page 3 of 8 – Audit Committee Update – Digital Health and Care Wales

Audit Committee Update

About this document 4

Financial audit update 4

Performance audit update 4

Good practice events and products 4

Recent NHS-related reports 5

3/8 57/284

Fuller,Sophie

06/29/2021 12:39:32

Audit Committee Update

Page 4 of 8 – Audit Committee Update – Digital Health and Care Wales

About this document

1 This document provides the Audit and Assurance Committee with an update on

current and planned Audit Wales work. Accounts and performance audit work are

considered, and information is also provided on the Auditor General’s wider

programme of national value-for-money examinations and the work of our Good

Practice Exchange (GPX).

Financial audit update

2 Digital Health and Care Wales (DHCW) has decided to prepare a fifteen-month set

of financial statements to 31 March 2022. We have commenced some audit

planning procedures (principally to gain an understanding of the entity) but our

main accounts audit work will commence later in this year in preparation for

providing an opinion on the accounts in around June 2022 (in line with the national

timetable).

Performance audit update

3 It has been agreed that we will undertake a baseline structured assessment at

DHCW during 2021 in line with the Auditor General’s duty to satisfy himself that the

Strategic Health Authority has made proper arrangements for securing economy,

efficiency, and effectiveness in its use of resources. Our work will include, but not

necessarily be limited to, an assessment of:

• overall governance and assurance arrangements including the effectiveness of

the Board and its sub-committees, risk management and internal control;

• strategic planning;

• engaging/working in partnership with others;

• financial, workforce and asset management; and

• information technology and governance.

4 We plan to start our work in July 2021 with a view to presenting our findings to the

Audit and Assurance Committee in October 2021.

Good practice events and products

5 In addition to the audit work set out above, we continue to seek opportunities for

finding and sharing good practice from all-Wales audit work through our forward

planning, programme design and good practice research.

6 In response to the COVID-19 pandemic, we have established a COVID-19

Learning Project to support public sector efforts by sharing learning through the

pandemic. This is not an audit project; it is intended to help prompt some thinking

4/8 58/284

Fuller,Sophie

06/29/2021 12:39:32

of 8 - Audit Committee Update – Digital Health and Care Wales

and support the exchange of practice. We have produced a number of outputs as

part of the project which are relevant to the NHS, which are available here.

7 As part of this project, we held a COVID-19 Learning Week in March 2021.

During the course of the week, we held a number of live events and shared a

number of useful resources which included pre-recorded video interviews with

colleagues across public services, blogs, and podcasts. All of the resources

shared during the week are available here. The themes covered during the week

were:

• The role of communities during the COVID-19 pandemic;

• Crisis Governance;

• Dynamic Strategy;

• The impact of COVID-19 on the workforce;

• Communication and engagement.

8 Details of future good practice events are available on the GPX website.

Recent NHS-related reports

9 Exhibit 1 lists all of the NHS-related reports we have published since September

2020 which may be of interest to the Audit and Assurance Committee. These are

a combination of all-Wales summaries of work undertaken locally in the NHS and

relevant national value for money studies. National value for money studies are

typically funded through the Welsh Consolidated Fund and are presented to the

Public Accounts Committee to support its scrutiny of public expenditure. The

reports most relevant to DHCW are marked with an asterisk.

Exhibit 1 – NHS-related reports published by Audit Wales since September 2020

Title and Link Publication Date

The Refurbishment of Ysbyty Glan Clwyd September 2020

Cracking the Code: Management of Clinical Coding

Across Wales *

September 2020

10 Opportunities for Resetting and Restarting the

NHS Planned Care System *

September 2020

Better law making: the implementation challenge September 2020

5/8 59/284

Fuller,Sophie

06/29/2021 12:39:32

https://audit.wales/our-work/covid-19

https://www.audit.wales/our-work/covid-19

https://www.audit.wales/forthcoming-events

https://www.audit.wales/publication/refurbishment-ysbyty-glan-clwyd

https://www.audit.wales/publication/cracking-code-management-clinical-coding-across-wales

https://www.audit.wales/publication/cracking-code-management-clinical-coding-across-wales

https://www.audit.wales/publication/10-opportunities-resetting-and-restarting-nhs-planned-care-system

https://www.audit.wales/publication/10-opportunities-resetting-and-restarting-nhs-planned-care-system

https://www.audit.wales/publication/better-law-making-implementation-challenge

of 8 - Audit Committee Update – Digital Health and Care Wales

Title and Link Publication Date

The National Fraud Initiative in Wales 2018-20 October 2020

Welsh Community Care Information System * October 2020

NHS Wales Finances Data Tool October 2020

Procurement and supply of PPE during the COVID-19

pandemic - Observations of the Auditor General as at

December 2020

December 2020

Cyber resilience in the public sector * January 2021

Doing it Differently, Doing it Right? * January 2021

Test, Trace, Protect in Wales: An Overview of

Progress to Date *

March 2021

Procuring and Supplying PPE for the COVID-19

Pandemic

April 2021

Welsh Health Specialised Services Committee

Governance Arrangements

May 2021

Rollout of the COVID-19 vaccination programme in

Wales *

June 2021

NHS Wales Finances Data Tool - Up to March 2021 June 2021

6/8 60/284

Fuller,Sophie

06/29/2021 12:39:32

https://www.audit.wales/publication/national-fraud-initiative-wales-2018-20

https://www.audit.wales/publication/welsh-community-care-information-system

https://www.audit.wales/data-analytics/mid-year-financial-position

https://www.audit.wales/publication/procurement-and-supply-ppe-during-covid-19-pandemic



https://www.audit.wales/publication/doing-it-differently-doing-it-right

https://www.audit.wales/publication/test-trace-protect-wales-overview-progress-date

https://www.audit.wales/publication/test-trace-protect-wales-overview-progress-date

https://www.audit.wales/publication/procuring-and-supplying-ppe-covid-19-pandemic

https://www.audit.wales/publication/procuring-and-supplying-ppe-covid-19-pandemic

https://www.audit.wales/publication/welsh-health-specialised-services-committee-governance-arrangements

https://www.audit.wales/publication/welsh-health-specialised-services-committee-governance-arrangements

https://www.audit.wales/publication/rollout-covid-19-vaccination-programme-wales

https://www.audit.wales/publication/rollout-covid-19-vaccination-programme-wales

https://www.audit.wales/publication/nhs-wales-finances-data-tool-march-2021

7/8 61/284

Fuller,Sophie

06/29/2021 12:39:32

Audit Wales

24 Cathedral Road

Cardiff CF11 9LJ

Tel: 029 2032 0500

Fax: 029 2032 0600

Textphone: 029 2032 0660

E-mail: [email protected]

Website: www.audit.wales

We welcome correspondence and telephone calls in Welsh and English. Rydym yn croesawu gohebiaeth a

galwadau ffôn yn Gymraeg a Saesneg.

8/8 62/284

Fuller,Sophie

06/29/2021 12:39:32


http://www.audit.wales/



Agenda Item

3.4





N/A

Executive Sponsor Claire Osmundsen-Little, Director of Finance & Business Assurance

Prepared By Julie Ash, Head of Corporate Services

Presented By Julie Ash, Head of Corporate Services

Purpose of the Report For Discussion/Review

Recommendation

The Committee is being asked to:Receive and discuss this report.

DIGITAL HEALTH AND CARE WALESDHCW AUDIT ACTION LOG

1/4 63/284

Fuller,Sophie

06/29/2021 12:39:32

of 4 Author: Julie Ash

Approver: Claire Osmundsen-LittleINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

DHCW Digital Health and Care Wales


This paper details the current position with respect to audit recommendations that have been made, including those that have been completed during the period, those that are on schedule, those that are overdue and those anticipated to not meet target dates. The audit recommendation analysis (section 2) shows how progress is being made against the recommendations and illustrates the on-going movement and change of status.

2 SPECIFIC MATTERS FOR CONSIDERATION BY THIS MEETING (ASSESSMENT) The audit log shows the current reported status against recommendations received. The analysis below shows all recommendations giving the current status of each recommendation which remained open at the last Digital Health & Care Wales (DHCW) Audit and Assurance Committee and also those presented in report form to the Committee since presentation of the last log (item 3.4i).

There were 11 actions reviewed at the last meeting where 4 were closed leaving a total of 7 open actions. The Committee received two reports at the last meeting containing 3 recommendations.

The number of actions open now totals 10, which includes 3 new actions from the latest reports relating to Cyber Security and Supplier Management Follow-up (note: Cyber Security actions detail to be reviewed in private Committee).

Number RAG Status6 GREEN Complete

4 YELLOW Indicates that the action is on target for completion by the agreed date0 AMBER Indicates that the action is not on target for completion by the agreed

date0 RED Indicates that the implementation date has passed and management

action is not complete

In particular, the Committee are requested to note: Six actions are now marked as complete:

The approval of a validated plan for Server 2008 removal and the governance arrangements for monitoring progress;

Reference to the Gold, Silver, Bronze Command Structure utilised in event of emergency responses is now specifically referred to in the DHCW Business Continuity Plan;

Arrangements for joint working with other organisations in the event of emergency situations are referred to in the DHCW Business Continuity Plan;

The ability to make deviation from Standing Operating Procedures in the event of emergency is set out in the Business Continuity Plan;

The Evaluation Report template has been amended to include a new table to state who has signed off the specification. The report is now clear on who has approved the specification and who is on

2/4 64/284

Fuller,Sophie

06/29/2021 12:39:32



the evaluation panel (these can differ). The Commercial Services team have been reminded of the version control process and that all email approvals from contributors must be saved on file;

An action relating to a finding from the Cyber Security Audit is complete and signed off by Internal Audit.

Aside from the completed actions, those remaining are on target for implementation by the agreed target date.

Actions from any new reports received by the Committee will be added following the meeting.


Management of Audit Actions is to be moved to a SharePoint list replacing the existing manual process.

4 RECOMMENDATIONThe Committee is being asked to:Receive and discuss this report.

5 IMPACT ASSESSMENT



DHCW QUALITY STANDARDS ISO 9001





No, (detail included below as to reasoning) Outcome:Statement: EQIA not required for Audit Action Log Report.



3/4 65/284

Fuller,Sophie

06/29/2021 12:39:32




IMPACT ASSESSMENT

Yes, please see detail belowQUALITY AND SAFETY IMPLICATIONS/IMPACT Monitoring of progress against audit recommendations.

Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT Some actions arise as a result of new legislation.







4/4 66/284

Fuller,Sophie

06/29/2021 12:39:32

Item 3.4i

Audit Action Plan Green - Action complete

Yellow - Action on target to be completed by agreed date

Orange - Action not on target for completion by agreed date

Red - Implementation passed management action not complete

Digital Health & Care WalesOutstanding Actions

Recommendation

Prio

rity Management Action Responsible

Manager/Department

AccountableOfficer

Current/ RevisedImplementationDate St

atus Comments

Audit Committee

External Audit - WAO - Nationally Hosted NHS IT Systems Annual Audits

2020,1

LASPAR is written in an oldprogramming language in which NWIShave NWIS have limited skills andapplication development capacity. Weunderstand that the applicationtechnology platform is de-supported in2020 and NWIS should plan to migrateto a controlled environment to enablesupport for LASPAR to continue orconsider a new technology platform.

Medium Migrate to a controlled environment to enable

support for LASPAR to continue or consider a newtechnology platform.

Gary Bullock/Stephen Price

Helen Thomas aug-21

Yellow - Action on target

to be completed by agreed

date

An options paper is being preparedfor consideration and thenimplementation.

2020,2

We were made aware in our 2019-20fieldwork that the management of one ofthe two National Data Centres notifiedNWIS of their intention to exit from DataCentre Services during 2021/22.

High NWIS should identify alternatives for additional data

centre services, plan and manage the transition tothe new data centre site by October 2021

Carwyn Lloyd-Jones/JamieGraham

Helen Thomas okt-21

Yellow - Action on

target to be

completed by agreed

date

The contract for the existing DataCentre will end in late 2021 and NWIShave a timetabled plan to leave bySummer 2021. A new datacentrelocation has been procured, and thecontract awarded.

NWSSP FindingsINF1b Firmware, BIOS and OS on

infrastructure components should bekeep up to date, in particular whencritical vulnerabilities have beenidentified. Old infrastructure componentsshould be identified and prioritised forreplacement to enable the most effectiveuse of the WG monies.

High

Server 2008 Removal Carwyn Lloyd-Jones/JamieGraham

Helen Thomas apr-21

Green - Action Com

plete Complete. A validated plan is now in

place which is monitored weekly byDirectors.

1/4 67/284

Fuller,Sophie

06/29/2021 12:39:32

RES1 The BCP should be amended to includethe requirement to create a commandstructure and maintain decision logs.

Medium

The BCP will be updated to include reference to acommand structure and the maintenance ofdecision/action logs.

ClaireOsmundsen-Little//Julie Ash

Helen Thomas jun-21

Green - Action

Com

plete

Complete. BCP has been updatedand re-published in IMS.

RES2 The agreements made during the Covidresponse should be further developedinto formal partnerships with otherorganisations to provide mutual supportfor future disruptions. M

edium

Reference to support and partnership arrangementswill be included in the Business Continuity Plan.


Helen Thomas jun-21

Green - Action

Com

plete


RES3 The ability to relax standard operatingprocedures should be clearly statedwithin continuity and emergency plandocumentation. This should includeguidance for when it is acceptable andthe requirements to record when itoccurs, document risk and ensureappropriate governance is maintained.

Medium

Guidance will be provided as part of the BusinessContinuity Plan documentation and will include therequirement for robust recording of any suchrelaxations.


Helen Thomas jun-21

Green - Action

Com

plete


RES4 The NWIS vision should be prominent onstaff communication channels such asthe website and newsletters in order tofurther develop the shared culture andmission. Lo

w

As part of the transition to the new Special HealthAuthority, Digital Health & Care Wales, we will beconfirming the Strategic Objectives and Vision for thenew organisation with our new Board and ensurethat this is widely communicated.

MichelleSell/Gill Friend

Helen Thomas jun-21

Yellow - Action on

target to be

completed by agreed

date

Communications Team to confirmStrategic Objectives and Vision fornew organisation followingconsultation with Board.

SM1 The evaluation report for each contractnotes that the evaluation panel hassigned off the specification and the filescontained draft versions with notes fromsome contributors.

Medium

Implement process to ensure evaluation panel hassigned off specifications

MichelleSell/JulieFrancis

Helen Thomas jun-21

Green - Action Com

plete

Action Complete. The EvaluationReport template has been amendedto include a new table to state whohas signed off the specification. Thereport is now clear on who hasapproved the spec and who is on theevaluation panel (these can differ).The Commercial Services team havebeen reminded of the version controlprocess and that all email approvalsfrom contributors must be saved onfile.

CS1 Cyber Security Action

Medium

Planned Action Carwyn Lloyd-Jones/JamieGraham

Helen Thomas mar-22

Yellow -

Action on

target to be

completed by

agreed dateTo be monitored in Private Session

CS2 Cyber Security Action

Medium Planned Action Carwyn Lloyd-

Jones/JamieGraham

Helen Thomas mai-21

Green -

Action

Com

plet

e

Action complete

2/4 68/284

Fuller,Sophie

06/29/2021 12:39:32

Audit Action Plan Green - Action complete


Orange - Action not on target for completion by agreed date

Red - Implementation passed management action not complete

Third Party ActionsOutstanding Actions

Recommendation

Prio

rity Management Action Responsi

bleManager/Department

AccountableOfficer

Current/RevisedImplementationDate

Stat

us CommentsAudit Committee

External Audit - WAO - Nationally Hosted NHS IT Systems Annual Audits

2016,1

NHS Digital (formerly known as HSCIC) aredecommissioning the NHAIS system andreplacing the functionality with a third partysupplier system from Capita for thepayments engine for calculating generalmedical services payments. NHS Digitalare also developing the demographicregistration and reporting systems requiredto replace NHAIS functionality. For NHSWales, NWIS and NWSSP are consideringthe system replacement options for Welshrequirements as NWIS also support anddevelop the Welsh Demographic System(WDS).

Medium NWIS should, as they manage, support

and develop the Welsh DemographicSystem (WDS) plan to provide therequired functionality for NHS Wales indeveloping the WDS for patientdemographic purposes.

GaryBullock/Ken Leake

HelenThomas

jul-22

Yellow - Action on target to be completed by

agreed date

NWIS met with NHS Digital inNovember 2020 where theyconfirmed they are still not in aposition to give us revised dates forthe start of decommissioning.NHS Digital are currently not in aposition to provide dates for keyCapita deliverables. The WDSPhase 3 development will be alignedwith these timescales but more clarityis needed from England beforesubstantive work can take place. Weare advised that the implementationdate is unlikely to be before January2022, and may take up to 6 monthsto complete.

3/4 69/284

Fuller,Sophie

06/29/2021 12:39:32

2018,1

Review the age of the NHAIS servers used,some of which are approaching nine yearsold. NWIS should then liaise with NWSSPto agree a server replacement schedule orconsider what mitigating controls can be putin place for service availability andresilience.

Medium Although the NHAIS infrastructure is

approaching 10 years of age, the teamhave contacted HP to enquire as to theEOSL (End of Support Life). Hewlett-Packard (HP) have confirmed that forkey pieces of hardware, the c7000Blade Enclosures and the BL860cblades, no EOSL is in place currently.Based on this response, there is nopressing need to considerreplacements. NWIS will contact HPevery six months to confirm the position.

GaryBullock/StephenPrice

HelenThomas

mar-22


A key part of the NHAIS infrastructurewill reach EOSL on 31/12/2021.Hewlett Packard have assessed therequirements for replacing the WelshNHAIS infrastructure and supplied uswith an indicative quote. NWSSP arepreparing a business case to assessoptions which include a. Do nothing,and accept risk, b. Replace - usingthe HP quote for cost comparison c.NI hosting option or d. NHS Digitalhosting option (NI have sinceconfirmed that they cannot host soNWSSP also considering third partyhosting. A meeting has beenschedule for 8th June for DHCW toassist with preparation of thebusiness case. Adoption of thereplacement PCRM (Primary CareRegistration Management) product isscheduled for December 2021 withthe decommissioning of NHAIS dueto start in January 2022. However,NWSSP plan to retain the NHAISinfrastructure for up to seven yearspost-decommissioning so that accessto the legacy data remains.Therefore, all aspects of theinfrastructure will need to remainsupported beyond decommissioning.

4/4 70/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

3.5


Date of Meeting 6th July 2021



N/A

Executive Sponsor Claire Osmundsen-Little, Executive Director of Finance & Business Assurance

Prepared By Nigel Price, Local Counter Fraud Specialist

Presented By Nigel Price, Local Counter Fraud Specialist

Purpose of the Report For Noting

Recommendation

The Committee is being asked to:NOTE this progress report

DIGITAL HEALTH AND CARE WALESCOUNTER FRAUD REPORT

1/3 71/284

Fuller,Sophie

06/29/2021 12:39:32

Counter Fraud Update Cover Report Page 2 of 3 Author: Nigel Price

Approver: Nigel PriceINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

LCFS Local Counter Fraud Specialist NHS National Health ServiceCFA Counter Fraud Authority


1.1 In compliance with the Directions on Countering Fraud in the NHS, Counter Fraud is required to provide updates to the Audit and Assurance Committee on the work that has been carried out against the agreed work-plan.


2.1 The attached update report at Appendix A (item 3.5i) provides the Audit Committee with an update for the period ending 30th June 2021. It provides updates on the 4.5 days of counter fraud work undertaken for the organisation.

Activity StatusCurrent Cases NilFraud Awareness Training None held in this quarter, dates are to be confirmedNational Fraud Initiative Not applicable to DHCW this financial yearCounter Fraud Plan Submitted


3.1 None

4 RECOMMENDATIONThe Committee is being asked to:NOTE this progress report

5 IMPACT ASSESSMENT

WELL-BEING OF FUTURE GENERATIONS ACT A prosperous Wales



2/3 72/284

Fuller,Sophie

06/29/2021 12:39:32

Counter Fraud Update Cover Report Page 3 of 3 Author: Nigel Price

Approver: Nigel PriceINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY




HEALTH CARE STANDARD Staff & Resources



No, (detail included below as to reasoning) Outcome: N/AStatement:EQIA is not required for the Counter Fraud Update Report.


IMPACT ASSESSMENT





Yes, please see detail belowFINANCIAL IMPLICATION/IMPACT Good financial governance and management





3/3 73/284

Fuller,Sophie

06/29/2021 12:39:32

Digital Health & Care Wales

Audit & Assurance Committee 6th July 2021Counter Fraud Update

Nigel PriceCounter Fraud Cardiff and Vale University Health Board

1/4 74/284

Fuller,Sophie

06/29/2021 12:39:32

1 | P a g e

AUDIT COMMITTEE 6th July 2021

COUNTER FRAUD UPDATE

1: Introduction

2: Case updates

3: Progress & general matters

Appendix 1: Summary

Mission Statement

To provide the DHCW with a high-quality NHS Counter Fraud Service, which ensures that any report of fraud is investigated in accordance with the Directions for Countering Fraud in the NHS and all such investigations are carried out in a professional, transparent and cost-effective manner.

2/4 75/284

Fuller,Sophie

06/29/2021 12:39:32

DHCW Page 2COUNTER FRAUD UPDATE AUDIT COMMITTEE – 6th July 2021

1. INTRODUCTION

1.1 In compliance with the Directions on Countering Fraud in the NHS, Counter Fraud is required to provide updates to the Audit and Assurance Committee on the work that has been carried out against the agreed work-plan.

This report provides the Audit Committee with an update for the period ending 30th June 2021.

2. CURRENT CASE UPDATE

2.1 for the period ending 30th June 2021 a total of 4.5 days have been spent on counter fraud work for DHCW, a breakdown of this is detailed in Appendix 1.

2.2 There are no investigations linked to DHCW

3. PROGRESS AND GENERAL ISSUES

3.1 Fraud Awareness Presentations

Face-to-face fraud awareness sessions for all staff are temporarily cancelled due to COVID-19 restrictions but sessions can be conducted through Microsoft Teams. Arrangements to deliver sessions throughout the year are being made with the organisation. A counter fraud newsletter was sent to the organisation on 13th May 2021.

3.2 National Fraud Initiative 2020/21

The NFI is designed to help Public Bodies build their fraud detection capability through data matching at a national level since fraud is a diverse and evolving crime. In relation to the requirement on DHCW to submit the required data, arrangements have been made with NWSSP colleagues (i.e. Procurement and Payroll) for the required data to be made available and in the required format to meet the deadlines. In addition, Fair Processing Notices were included on staff payslips. The data matches were released on the 31st January 2021 and are being reviewed. If any cause concern they will be investigated. Of the latest data matches there are none linked to DHCW.

3/4 76/284

Fuller,Sophie

06/29/2021 12:39:32

DHCW Page 3COUNTER FRAUD UPDATE AUDIT COMMITTEE – 6th July 2021

APPENDIX 1

COUNTER FRAUD SUMMARY PLAN ANALYSIS 2021-2022

AREA OF WORK PlannedDays

Days to Date

General RequirementsLCFS Attendance at All Wales Meetings 1 0Planning/Preparation of Annual Report and Work Programme 1 1Production of Reports and attendance at Audit & Assurance 4 2.5Liaison with the DoF, NHS CFA, Welsh Government 0 0Self Review Tool (SRT) and QA Assessment 1 0

Annual ActivityCreate an Anti-Fraud Culture 1 0Presentations, Briefings, Newsletters etc. 10 1Fraud Awareness Events 0 0

DeterrenceReview/develop Policies/Strategies 2 0

PreventionThe reduction of opportunities for Fraud and Corruption to occur. 0 0

DetectionNational Pro-Active Exercises (e.g. Procurement) 2 0National Fraud Initiative 2020/21 4 0

Investigation, Sanctions and Redress The investigation of any alleged instances of fraud 11 0Ensure that Sanctions are applied to cases as appropriate 1 0Seek redress, where fraud has been proven to have taken place 2 0

TOTAL 40 4.5

4/4 77/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

3.6





N/A

Executive Sponsor Michelle Sell, Chief Operating Officer

Prepared By Michelle Sell, Chief Operating Officer

Presented By Michelle Sell, Chief Operating Officer


Recommendation

The Audit and Assurance Committee is being asked to:NOTE the update provided to the Public Accounts Committee on 1 March 2021.

DIGITAL HEALTH AND CARE WALESPUBLIC ACCOUNTS COMMITTEE REVIEW OF

NWIS UPDATE REPORT

1/6 78/284

Fuller,Sophie

06/29/2021 12:39:32

of 6 Author: Michelle Sell

Approver: Michelle SellINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

SHA Special Health Authority DHCW Digital Health and Care WalesNWIS National Health Service Wales

Informatics ServicePAC Welsh Government Public Accounts

CommitteeCaNISC Cancer Network Information

System CymruWG Welsh Government

NDR National Data Resource ICT Information Community and Technology

SITUATION/BACKGROUND

1.1 In November 2018 the then National Assembly for Wales Public Accounts Committee published its report into Informatics Systems in NHS Wales. The report considered a number of areas that had been identified from an earlier review by the Wales Audit Office and subsequent considerations, as follows:

The Welsh Government’s leadership role for informatics in NHS Wales, including, for example, ensuring NHS bodies agree what “Once for Wales” means in practice.

The work the Welsh Government is doing to better understand the costs of delivering its vision for informatics and how that could be funded given the downwards trend in spending on ICT and the £484 million estimate of the cost of delivering the vision for informatics on top of current budgets.

The extent of resourcing and investment at a local level.

The effectiveness of governance and accountability arrangements in light of concerns identified by the Auditor General and the recommendations of the Parliamentary Review to bring bodies such as NWIS within a strengthened central NHS Wales Executive function.

Local leadership, including clinical leadership, and perspectives on the factors behind slow progress in delivering the electronic patient record.

Workforce challenges, including recruitment and retention of ICT specialists.

Getting greater clarity about whether the intended benefits of investment are being achieved.

The NHS Wales Informatics Service now part of Digital Health and Care Wales was invited to present evidence to the Public Accounts Committee and has subsequently provided a number of progress updates via Welsh Government.

SPECIFIC MATTERS FOR CONSIDERATION BY THIS MEETING (ASSESSMENT)

1.2 On 1 March 2021 Dr Andrew Goodall, Chief Executive of NHS Wales provided further information to the Welsh Government Public Accounts Committee in terms of progress against the original recommendations and including specific updates provided by NWIS (now part of DHCW). The

2/6 79/284

Fuller,Sophie

06/29/2021 12:39:32



submission is attached at Appendix A, for the information of the DHCW Audit and Assurance Committee members.

KEY RISKS/MATTERS FOR ESCALATION TO BOARD/COMMITTEE

1.3 Of the eighteen original Recommendations from the PAC Report five had been addressed by November 2019 and of the remaining 13 Recommendations only one remains open, as follows:

WG, NWIS and NHS bodies should work together to explore options to secure the experienced ICT staff and developers that NWIS needs within the context of a comprehensive workforce plan for NWIS and taking account of the ICT staff available to NHS bodies. (recommendation 11)

The update notes that this will be addressed as part of wider work on a strategic workforce review, linked to an organisational change programme within DHCW.

1.4 Additional funding has been provided to DHCW as part of the formation of the SHA and through the Digital Priorities Investment Fund and recruitment is underway to increase the workforce.

1.5 Our Corporate risks consider the impact of recruitment delays and shortfalls and the need to review priorities in our Annual Plan if demand exceeds capacity (risks DHCW0259 and DHCW0237). These risks are actively managed by our Planning and Performance Management Group which drives forward mitigations and capacity assessments against key delivery. There are three key areas of risk: building up to a full Special Health Authority workforce formation; developing a sustainable workforce model for Covid – an area of uncertain requirements; and bringing in the right skills for the Digital Priorities Investment Fund Programmes.

1.6 Mitigations in train for potential shortfalls include a recruitment task force which is focussed on speeding up the process, and utilising specialist recruitment agencies to target hard to fill posts. Also, DHCW are reviewing retention of existing staff and developing the future workforce pipeline. There will also be an expansion in the variety of recruitment channels to increase the reservoir of resources, e.g. universities, veterans’ groups.

1.7 DHCW will use 3rd party resources to supplement in-house teams, to temporarily increase our capacity or where we don’t carry the highly specialised technical skills. Infrastructure examples include supporting Office 365, movement to Cloud, and new data centre networking.

1.8 DHCW are also utilising commercial support as part of the risk stratification work directly linked with the Covid-19 response. Commercial suppliers provide technical expertise and help develop the National Data Resource (NDR) environment as part of a robust approach to risk stratification, with phase 1 looking at running and hosting the QCOVID algorithm. The next area of focus is on codifying and automating the Shielded Patient List process, again hosted within the NDR risk

3/6 80/284

Fuller,Sophie

06/29/2021 12:39:32



stratification platform. Future commercial support will be sought to help establish an NDR solution for acquisition and storage of GP data.

1.9 Progress has been made by the Welsh Government Technology, Digital & Transformation Team in the appointment process for the new Chief Digital Officer (CDO) for Health & Care with interviews planned for 23 July 2021, and hosting arrangements agreed with Heath Education & Improvement Wales. As noted in the update to Welsh Government Public Accounts Committee it is anticipated that once in post the new CDO will help to shape the wider workforce review across NHS Wales.

1.10 The update also includes a number of areas that DHCW has prioritised in its Annual Plan for 2021-22 including defining our Architectural Vision in response to the Architecture Review; the replacement of CaNISC; Procurement of the new GP Services Framework; Continuing to support the roll-out of the Welsh Community Care Information System and the Digital Services for Patients & the Public Programme and the relocation of data centre services out of the Blaenavon Datacentre.

RECOMMENDATION

The Audit and Assurance Committee is being asked to:

NOTE the update provided by Welsh Government to the Public Accounts Committee on 1 March 2021.

4/6 81/284

Fuller,Sophie

06/29/2021 12:39:32



IMPACT ASSESSMENT

WELL-BEING OF FUTURE GENERATIONS ACT A healthier Wales







No, (detail included below as to reasoning) Outcome: N/AStatement:N/A

STRATEGIC OBJECTIVE Development of the new Digital Organsation



IMPACT ASSESSMENT





Yes, please see detail below

5/6 82/284

Fuller,Sophie

06/29/2021 12:39:32



FINANCIAL IMPLICATION/IMPACT Specific activities identified are included within our Annual

Plan 2021-22.Yes, please see detail belowWORKFORCE

IMPLICATION/IMPACTSpecific activities identified are included within our Annual Plan 2021-22.No. there are no specific socio-economic implications related to the activity outlined in this report


6/6 83/284

Fuller,Sophie

06/29/2021 12:39:32


Agenda - Public Accounts Committee Meeting Venue:

Video Conference via Zoom

Meeting date: 1 March 2021

Meeting time: 08.30

For further information contact:

Fay Bowen

Committee Clerk

0300 200 6565

[email protected]

(Private Pre-Meeting)

(09.00 - 09.15)

In accordance with Standing Order 34.19, the Chair has determined that the

public are excluded from the Committee's meeting in order to protect public

health. This meeting will be broadcast live on www.senedd.tv

1 Introductions, apologies, substitutions and declarations of

interest

(09.15)

2 Paper(s) to note

(09.15 - 09.30)

2a NHS Wales Informatics Services: Letter from the Welsh Government (11

February 2021)

(Pages 1 - 60)

2b Primary care out-of-hours services: Letter from the Welsh Government (12

February 2021)

(Pages 61 - 63)

3 Reflections on the Fifth Assembly/Senedd: Welsh Government -

Health and Social Services Group / NHS Wales

(09.30 - 10.30) (Pages 64 - 70)

Research Briefing

Dr Andrew Goodall - Director General, Health and Social Services Group /

Chief Executive, NHS Wales

------------------------ Public Document Pack ------------------------

1/62 84/284

Fuller,Sophie

06/29/2021 12:39:32

http://www.senedd.tv/

4 Motion under Standing Order 17.42 to resolve to exclude the

public from the meeting for the following business:

(10.30)

Items 5 & 6 and the meetings on 8, 15 & 22 March 2021

5 Reflections on the Fifth Assembly/Senedd: Consideration of

evidence received

(10.30 - 10.50)

6 Barriers to the successful Implementation of the Well-Being of

Future Generations (Wales) Act 2015: Consideration and

agreement of draft report

(10.50 - 12.30) (Pages 71 - 157)

PAC(5)-07-21 Paper 1 – Draft Report

PAC(5)-07-21 Paper 2 – Welsh Government Written Statement: Shaping

Wales’ Future: Delivering National Well-being Milestones and National Well-

being Indicators and a report on Wales’ future (19 February 2021)

2/62 85/284

Fuller,Sophie

06/29/2021 12:39:32

Cyfarwyddwr Cyffredinol Iechyd a Gwasanaethau Cymdeithasol/ Prif Weithredwr GIG Cymru Grŵp Iechyd a Gwasanaethau Cymdeithasol Director General Health and Social Services/ NHS Wales Chief Executive Health and Social Services Group

1

Nick Ramsay AM Chair Public Accounts Committee

11 February 2021

Dear Mr Ramsay I am pleased to set out below an update on NHS Wales Informatics Service (NWIS),

progress made on implementing recommendations from 2018, and a response to the

issues highlighted in your letter of 26 November.

Responding to the Covid-19 pandemic has been an overriding priority for every part

of NHS Wales during 2020. I am pleased with the contribution which NWIS has

made in delivering a timely and effective digital response. As the Committee has

highlighted in its report and scrutiny, and as described in A Healthier Wales, digital is

an enabler for almost all that we do in a modern healthcare system. This became

even more critical during a period when most people needed to stay at and also work

from home, as we have seen over the past year.

By the beginning of April, we had established new collaborative governance and

decision making arrangements which brought together Welsh Government, NWIS,

digital leads from each NHS organisation, and key external stakeholders including

from social care.

By the beginning of May, Microsoft Teams remote working had been deployed out to

the entire NHS Wales workforce and Attend Anywhere video consultation services

rolled out to the whole of Wales, we had upgraded the network bandwidth and

remote working capacity, and provided new mobile devices to thousands of NHS

staff.

By the beginning of June, we had commissioned, developed and deployed a national

contact tracing service, trained and equipped over two thousand contact tracing staff

from more than thirty public sector organisations, and provided every GP in Wales

with remote desktop access.

Pack Page 1

Agenda Item 2a

3/62 86/284

Fuller,Sophie

06/29/2021 12:39:32

Over the summer, the contact tracing service was upgraded on a four weekly release

cycle, and fully integrated into our national testing service, through the Welsh

Laboratory Information Management System (WLIMS). In September, when the

NHS Covid-19 App was launched as a joint England and Wales platform, fully

localised and translated, we were able to report all tests in Wales into the App,

several weeks ahead of England. To date the NHS Covid-19 App has been

downloaded over 22 million times across England and Wales.

By the beginning of December, we had deployed a national vaccine management

system across Wales, which has been used by every NHS Wales organisation, and

is deployed to all GP practices. Key systems, including WLIMS, have been

upgraded to provide increased capacity and functionality to handle Covid-19

demands. National infrastructure bandwidth and resilience has also been further

improved. More mobile devices have been deployed to NHS staff, to local authority

staff, and to care homes through Digital Communities Wales, a digital inclusion

programme.

The pace and scale of digital transformation in 2020 is unprecedented and I am

grateful to the teams in NWIS, NHS Wales, local authorities and Welsh Government

for what has been achieved.

The Committee will be aware there was already a very extensive programme of

digital transformation planned for 2020, including significantly increased investment

in national programmes, creating a new Digital Special Health Authority (SHA), a

new governance framework, new national leadership roles, and upgrades to key

elements of digital infrastructure and devices across NHS Wales. All of this was in

addition to ‘business as usual’ delivery of critical national digital systems.

Our digital delivery capacity is not unlimited, and it was necessary to prioritise Covid-

19 response, from March 2020 onwards. This has caused delays to some of the

planned changes announced by the Minister in September 2019, which were

discussed with the Committee soon after. Progress against those actions are

described below.

I expect the pace of digital transformation to continue over the next twelve months,

and I know that digital leaders across the system are considering how we can best

support delivery teams through this period. I am conscious of the pressure on

individuals of simultaneously prioritising Covid-19 response, maintaining regular

services, creating a new national digital delivery organisation, transitioning to new

governance arrangements, and further increasing strategic investment as part of

post-covid-19 recovery and reconstruction.

There is of course still much to do, but I believe that there has been substantial

progress made against the concerns raised by the Committee in its 2018 Report. I

expect to see further improvements over the next year, supported by increased

investment and new delivery, governance and leadership arrangements.

Pack Page 2

4/62 87/284

Fuller,Sophie

06/29/2021 12:39:32

Overall Progress Update

Progress in implementing previous AGW and PAC recommendations on

informatics systems in NHS Wales. In November 2019, the Welsh Government

identified that five of the Auditor General and PAC recommendations had been

completed; seven were due to be completed shortly. A further six required further

action and needed to await completion of the Governance and Architecture Reviews

before considering further.

There has been good progress made in completing outstanding actions through

2020, as summarised in Annex A to this letter. The Health and Social Services

Group Audit and Risk Assurance Committee (HSS ARAC) reviews outstanding

Auditor General Wales (AGW) and Public Account Committee (PAC)

recommendations and actions at each meeting, and also takes a regular update on

digital progress and delivery generally.

Of the thirteen actions which were open in November 2019, all have been closed

except one. This is an important milestone which is part of ensuring a clean

transition from NWIS to the new Digital Special Health Authority which will become

operational on 1 April. The remaining action is:

- WG, NWIS and NHS bodies should work together to explore options to secure the experienced ICT staff and developers that NWIS needs within the context of a comprehensive workforce plan for NWIS and taking account of the ICT staff available to NHS bodies. (recommendation 11)

This action will be addressed during 2021 as part of wider work on a strategic

workforce review, linked to an organisational change programme in the new body, as

described below.

Progress with the development and delivery of plans around ‘digital

infrastructure’, ‘digital workforce’, ‘digital commercial’ and ‘digital

communications’, and an explanation of how any delay might impact on the

development of the new Digital Special Health Authority (SHA). In November

2019, the Welsh Government stated that the digital infrastructure and digital

workforce plans would be complete by spring 2020 and that subsequently it would

undertake work on digital commercial and digital communications strategies.

Phase one of a strategic infrastructure review has been completed but Covid-19

pressures have delayed work on reviews into digital workforce, commercial, and

communications. Although the timetable for establishing a Digital SHA has been

revised from 1 October 2020 to 1 April 2021, this was due to Covid-19 pressures, not

delays to the three strategic reviews.

Pack Page 3

5/62 88/284

Fuller,Sophie

06/29/2021 12:39:32

The workforce review is scheduled for summer 2021. This revised timetable will

ensure that the new Chief Digital Officer (CDO) for Health & Care will be able to

shape the review, as a professional lead for digital health and care in Wales, and will

ensure that there is a link between the workforce review and an internal

organisational change programme which the new Digital SHA will undertake during

its first year. It will also allow the workforce review to take account of lessons

learned from how the digital response to covid-19 was delivered. Separately to this

workforce review, which will be focussed on professional digital skills, a ten year

workforce strategy for health and social care was published in October 2020 which

includes ‘building a digitally ready workforce’ as one of seven main themes.

The communications review will be undertaken by December 2021. The new Digital

SHA’s corporate identity and the CDO’s remit to represent digital health and care on

a whole system basis will be key considerations for the review. Communications

and engagement within Wales and with other parts of the UK has been a feature of

Covid-19 response which will also be considered.

The commercial review will be undertaken by March 2022. There has been intense

pressure on the procurement service and profession throughout the last 12 months,

for example in securing Personal Protective Equipment (PPE) supply. There are

changes proposed to UK procurement regulations, and there is an enhanced interest

in foundation economy and local supply chain as an economic development policy.

Working with industry through commercial partnerships is likely to continue to be a

feature of covid-19 response and post-covid-19 recovery. The review will be

undertaken when the policy and regulatory context is more settled, and will be able

to reflect on learning from commercial and procurement activity through 2020 and

2021.

Progress towards delivering the architecture review’s action plan by

November 2022. The architecture review set out steps the Welsh Government

needed to take within 3-9 months, one to two years and two to three years, to put in

place the digital architecture needed to deliver at pace its ambition for health and

social care, set out in A Healthier Wales. In November 2019, the Welsh Government

committed to ‘seeking to make as rapid progress as we can over the next four

months and six months’, but also stressed that factors, such as Brexit and

recruitment potentially created delivery challenges.

Principles and priorities set out in the architecture review have been applied to the

main elements of Covid-19 response, and to investment in network infrastructure

and user devices. Systems developed as part of Covid-19 response have been

designed to interoperate effectively with other systems in Wales and across the UK,

through defined standards and interfaces. For video consultation, contact tracing,

and vaccine delivery, there has been robust standardisation on an all-Wales basis.

Pack Page 4

6/62 89/284

Fuller,Sophie

06/29/2021 12:39:32

The rapid deployment of these systems, alongside the accelerated rollout of

Microsoft Teams and Office 365 to the entire NHS Wales workforce, were enabled

by a cloud hosting and device neutral approach.

There has been rapid progress in these areas, but there is further work to do on

existing health and care services, which will take some time due to contractual

timetables and the inherent complexity of some systems. Principles from the

architecture review are included as standard requirements for all funding allocated

through the Digital Priorities Investment Fund (DPIF). However, in some cases

suppliers are not able to upgrade systems to cloud hosting, or there is no suitable

cloud hosted service available from the supplier market.

The specific Action Plan and challenges in the architecture review were

recommended in mid-2019. The context for digital health and care in Wales has

transformed since then. As part of planning further accelerated investment into

digital through 2021 and 2022, the actions and challenges will be reviewed to

provide assurance that they still align with system priorities and opportunities, and

take account of learning from Covid-19 response.

Specific Matters

Action taken since November 2018 to ensure openness and transparency

around reporting on progress in delivering digital transformation in Welsh

healthcare in advance of the creation of the Digital SHA. In November 2018, the

Committee’s report identified concerns about a culture of self-censorship and denial

amongst those charged with delivering a digital transformation in Welsh healthcare.

In November 2019, the Welsh Government identified that establishing the Digital

SHA would partly address that issue. However, the SHA will not be operational until

April 2021 at the earliest.

During 2020 Welsh government has strengthened reporting and management

arrangements in several ways. Working with the Velindre Audit Committee, there is

now a dedicated NWIS Audit meeting, with papers published in the same way as for

any other NHS organisation. Although not formally included in the NHS Planning

Framework, the NWIS Integrated Medium Term Plan (IMTP) has been reviewed and

accepted by Welsh Government and is used to frame monthly management

meetings. An updated NWIS reimbursement letter including an escalation

framework, and an Accountable Officer letter to the Interim Director, provide more

robust governance. The NWIS Interim Director has attended NHS Wales chief

executive group meetings since the beginning of the Covid-19 pandemic. An interim

Digital SHA Chair was appointed in November and attends NHS chairs group

meetings. These measures have significantly strengthened reporting and

monitoring arrangements and prepare for the establishment of the Digital SHA.

Pack Page 5

7/62 90/284

Fuller,Sophie

06/29/2021 12:39:32

As part of digital transformation a new governance framework was confirmed in

March 2020, setting out accountability, assurance and advice functions more clearly,

and with a strong emphasis on transparency. Transition to these new governance

arrangements was postponed at the start of the Covid-19 pandemic. A new Covid-

19 Digital Cell was established in March 2020, which initially met three times a week,

with membership consisting of digital leads from all NHS organisations and other key

stakeholders. The Covid-19 Digital Cell has been a key part of enabling rapid

decision making and delivery, maintaining a real time oversight of progress on digital

transformation. Due to the scale and importance of digital developments and roll-out

across Wales in response to Covid-19, NWIS has been very visibly connected with

the system response and has engaged directly with external stakeholders, which has

increased transparency and accountability.

Since December the remit of the Covid-19 Digital Cell has shifted to planning for

digital transformation as part of post-covid-19 recovery, with oversight of Covid-19

response (eg. digital tracing, testing and vaccine systems) through a new TTP Digital

Pathway Group. There are regular updates from these groups to Covid-19 and

wider contingency arrangements at NHS and Welsh Government level.

The new governance framework will be introduced during the first half of 2021,

alongside the new Digital SHA and the appointment of national leadership roles

including the CDO for Health and Care.

Reflections on any notable changes in the Welsh Government’s digital

priorities and strategic approach for NHS Wales, considering learning

gathered through its response to the Covid-19 pandemic. The Committee’s

November 2019 evidence session considered the Welsh Government’s strategic

approach as set out in documents, such as its Informatics Plan 2019-2022 and the

architecture and governance reviews. The Welsh Government’s response to the

pandemic has included multiple IT initiatives across primary, community and

secondary care. For example, enhancing the digital and remote working capability of

GPs so that they can undertake video consultations.

The Health and Social Services Group (HSSG) Audit and Risk Assurance

Committee (ARAC) has completed an initial ‘deep dive’ into digital transformation,

led by an independent member and supported by officials. This has identified key

aspects of the digital response to Covid-19 which could be applied to post-covid-19

recovery and to transformation generally:

- Building from existing programmes helps achieve maximum benefit quickly and provides more stable governance and assurance;

- Scalable, cloud based solutions have driven standardisation as well as pace of deliver;

Pack Page 6

8/62 91/284

Fuller,Sophie

06/29/2021 12:39:32

- High quality remote training via ‘webinars’ as opposed to service desks and ‘floor walkers’ allows large scale training from subject-matter experts allowing real time feedback and improvement;

- The need for a strong foundation of digital infrastructure, cyber security, architecture and interoperability.

Most significantly, the Covid-19 response has shown a strong alignment to A

Healthier Wales, for example with regard to different and ‘closer to home’ ways of

delivering services, enabling self-management, using digital as an enabler, and

making services consistent on an ‘all-Wales’ basis.

Planning for strategic digital transformation programmes in 2021 is being led by

Welsh Government through the Digital Cell. This was the primary decision making

and co-ordinating group for digital response to Covid-19, which will ensure that

lessons learned are applied to post-covid-19 recovery and to continued digital

transformation.

Digital and Technology is highlighted in A Healthier Wales as an enabler of

transformation and this is reflected in the significant additional investment

announced in September 2019, and in further additional investment for digital

included in the draft budget for 2021/22. It is clear also that digital has been a major

enabler of effective and timely response to Covid-19. Although the response to

Covid-19 continues, I expect several early reviews of innovation and lessons learned

to report within the next few months. These will be of interest for innovation and

transformation generally, as well as digital, and at its next meeting in February the

NHS Wales Executive Board will have a focussed agenda looking at approaches to

recovery, including a review of actions in A Healthier Wales and future options for

funding integrated health and care services.

Update on recruitment to key digital leadership roles. In February 2020, the

Welsh Government provided further details about the respective roles of the Chief

Digital Officer, the Chief Clinical Information Officer and the Chief Technology

Standards Officer. It also stated that the timetable for appointing the CDO remained

dependent on the establishment of the proposed NHS Executive SHA, in which the

role will be hosted. However, it would also ‘explore alternative options for hosting the

CDO in the interim in order to proceed with the recruitment as soon as possible’.

Recruitment of the CDO and supporting roles has been delayed due to Covid-19

pressures. Given limited capacity and the need to prioritise, it was decided that

maintaining Covid-19 response and establishing the Digital SHA was a higher priority

than the CDO. This also reflected the need to protect the legislative requirements

and timetable for establishing a new NHS Wales organisation.

Pack Page 7

9/62 92/284

Fuller,Sophie

06/29/2021 12:39:32

The proposed NHS Executive SHA has been postponed and officials have explored

interim hosting arrangements. All parts of NHS Wales have been under extreme

pressure since the beginning of the Covid-19 pandemic and it has taken some time

to confirm appropriate hosting arrangements, given the need for capacity to design

and implement new recruitment and governance arrangements.

In December arrangements were confirmed with Health Education Improvement

Wales (HEIW) to host an ‘Office of the CDO’, on an interim basis, with the

expectation that this function would be transferred to an NHS Executive SHA in due

course. This will allow recruitment of a CDO for Health and Care to proceed with

further appointments following. I expect the advert to go live within the next few

weeks, and hope to see a CDO in post by the summer.

Bob Hudson was appointed interim Chair of the new Digital SHA called Digital Health

and Care Wales (DHCW) in November. Recruitment of a vice chair and independent

members is in progress, with interviews early in February. Recruitment of key

executive roles required to be in post by 1 April 2020 is also in progress. The Chief

Executive Officer role was advertised in December with applications accepted from

NHS Wales staff. Due to an insufficient number of eligible applications, the

appointment panel has decided to re-advertise the role on an open basis. Helen

Thomas, currently interim Director of NWIS, has been appointed as Interim Chief

Executive of the new Digital SHA.

An account of how NHS Wales, including NWIS, has engaged with the

development and work of the Centre for Digital Public Services and how the

Welsh Government sees the relationship between the new Digital SHA and the

Centre working in future (assuming continued Welsh Government support for

the Centre). The Committee understands that the Centre’s initial piece of work has

focused on using digital technology to improve services for users of Adult Social

Care in three local authorities.

In 2020/21 the Centre has been part funded by the DPIF and has focussed on initial

‘discovery’ and ‘alpha’ phases of work. Health is represented on the Centre for

Digital Public Services (CDPS) steering group, through cross-portfolio Ministerial

oversight of Digital, and through a weekly ‘CDOs’ meeting which includes the Centre,

CDO Local Government, CDO Welsh Government, and HSSG Director Digital

Technology & Transformation.

The Welsh Government has included £4.9m of support for the CDPS in its draft

budget for 2021/22. This will be a significant step up for the Centre, which will be

supported by close engagement with stakeholders including the new Digital SHA.

As part of early stakeholder engagement the Interim Chair and the Interim Chief

Executive of the Digital SHA have met with CDPS to discuss opportunities and

alignment. CDPS has also worked alongside NWIS as part of a panel discussion

focussed on Digital Skills in the Welsh Public Sector.

Pack Page 8

10/62 93/284

Fuller,Sophie

06/29/2021 12:39:32

The Centre’s first ‘expert squad’ alpha project has been centred on adult social

services, with three local authorities working with the Centre and service users to

explore options for digital service transformation and overcoming barriers such as

difficulties for users in accessing Council websites.

Finance and Resources

Breakdown of the estimated costs of establishing and operating the proposed

Digital SHA, including the estimated operating budget compared with NWIS

and the reasons for any differences. In his September 2019 Update on Digital

Health and Care, the Minister for Health and Social Services announced that the

NHS Wales Informatics Service (NWIS) would transition to a new digital SHA from

April 2021. This was with the intention of strengthening governance and

accountability, including plans for a new independent chair and board members with

experience and understanding of digital change. The Welsh Government is currently

consulting on various aspects of its proposals for the digital SHA. The consultation

notes that ‘some additional expertise will be recruited in order to fulfil the additional

functions and responsibilities proposed’ but does not provide information about

estimated costs.

The estimated cost of establishing the Digital SHA is £1m, and the estimated

additional operating cost of the Digital SHA is £2m per annum.

The establishment costs for the Digital SHA are managed through the Welsh

Government’s Digital SHA Programme and its workstreams, and include one-off

costs relating to the transfer of functions and processes to the new organisation. For

example this includes legal and financial work such as scheduling and novating

contracts, TUPE transfer of existing staff, and the preparation of new financial

ledgers. These establishment costs also include the SHA Programme staff costs.

The SHA Programme will run for two years from April 2020 to March 2022.

The additional operating costs are recurrent and relate to the governance

arrangements for the Digital SHA including an appointed Chair and Board, and

additional corporate governance and statutory functions. These costs have been

benchmarked against the initial additional operating costs for HEIW, when

established in 2018, which were in the region of £1.7m per annum.

The consultation process has confirmed an expanded scope and some additional

functions for the new Digital SHA and as you will be aware there is also an increase

in strategic investment in digital services generally. Although this is not specific to

the SHA organisational structure the committee will want to note that from 2021/22

the Welsh Government will increase its core funding to the new organisation,

compared to historic funding to NWIS. The Welsh Government’s core funding is one

of three main sources of revenue for national digital services, alongside formula

Pack Page 9

11/62 94/284

Fuller,Sophie

06/29/2021 12:39:32

based funding for digital in primary care, and service level agreement revenue from

other NHS Wales organisations. Core funding was around £30m in 2019/20, £36m

in 2020/21, and will increase again to £42m in 2021/22. New functions and the £2m

additional cost of operating as a Digital SHA will be covered from this increased core

funding.

This additional investment in the delivery of national digital services from 2021/22 is

separate to the £75m DPIF. It is important that the new Digital SHA is adequately

resourced, and that it has a predictable funding settlement, so that it can support

wider digital transformation across health and care in Wales.

Update on the Digital Priorities Investment Fund (DPIF) to include a breakdown

of the allocation/expenditure to date. As part of this, the Committee would

welcome details of how this Fund has been used to support the Covid-19

response, what this may have meant for other planned projects and how those

projects might otherwise be funded. In his September 2019 update, the Minister

announced £50m for the DPIF to support delivery of five priorities (transforming

digital services for patients and public transforming digital services for professionals,

investing in data and intelligent information, modernising devices and moving to

cloud services and cyber-security and resilience).

The DPIF announced by the Minister in September 2019 was initially prioritised

towards investment in infrastructure and devices. This approach was confirmed

following close engagement with digital leads across NHS Wales and was targeted

at replacing end of life and legacy infrastructure, at national and local level. For

example funding was allocated to NWIS to upgrade servers and network

infrastructures, and to health boards and trusts to upgrade user devices and Wi-Fi

infrastructure.

Forecast allocations for 2019-20, which had been made by March, were re-prioritised

in April and May to support Covid-19 response. Where possible this re-prioritisation

was done in a way which took account of existing programmes – for example the

Office 365 deployment programme was accelerated and the phasing of new

functions changed to bring forward Microsoft Teams video conferencing; and

infrastructure investment was restructured to focus on mobile devices and network

bandwidth, to support home and remote working. In other cases existing

programmes were supported to scale up local pilot projects to national – for example

video consultation, part of the Technology Enabled Care programme, was deployed

nationally across primary care by the end of May, then expanded to other care

settings.

Resources were also redeployed from existing programmes to support new Covid-19

response projects – for example teams recruited to the National Data Resource

Programme have supported several elements of Covid-19 response including

contact tracing, testing, and vaccine systems.

Pack Page 10

12/62 95/284

Fuller,Sophie

06/29/2021 12:39:32

Covid-19 pressures have had an impact on DPIF funded activity. Some existing

programmes have seen their delivery timetables delayed, and other forecast

programmes have not been able to complete their pre-programme phase and have

therefore not started as forecast. This is not due to a lack of funding, but rather to

the lack of delivery capacity – digital teams have been over-stretched since April

delivering urgent Covid-19 response, as have clinical teams and other parts of the

NHS and care services.

A breakdown of the DPIF allocation to date is attached at Annex B.

The DPIF will be increased to £75m in 2021-22. Covid-19 pressures will continue to

have an impact on delivery capacity and Welsh Government is working with digital

leaders across the NHS in Wales through the Digital Cell to consider ways in which

this can be addressed.

Update on any recent work undertaken by the Welsh Government to

understand the overall costs and affordability of delivering its digital strategy

for health and social care over the coming years, particularly post the

architecture review. In his 2018 report on Informatics systems in NHS Wales the

Auditor General reported ‘In 2016, for the first time, NHS Wales has set out

indicative costs and timescales of delivering its strategy. The cost over five years is

tentatively estimated at £484 million on top of existing budgets’.

For the two and a half years from September 2019 to March 2022, Welsh Government will have provided an additional £185m of funding for digital transformation, on top of existing budgets. Forecast investment in Covid-19 digital services such as contact tracing, testing and vaccine is expected to take this to more than £200m of additional digital funding. As the committee will note, this is less than half the £484m forecast requirement over five years which was made in 2016. In his September 2019 announcement the Minister emphasised the need to strengthen governance and delivery arrangements alongside increased funding, so that increased investment is supported by increased capacity and capability. This is intended to provide assurance on value for money and is in response to the Committee’s 2018 report, which was critical of delivery capacity and capability. Welsh Government will this year look at the costs and affordability of delivering further digital transformation, taking account of lessons learned from Covid-19 response and how the challenges and opportunities for health and social care have changed since 2018. I expect this to lead to a new digital strategy for health and care which will set out new priorities, consolidate recent strategic reviews of digital, take account of the establishment of Digital Health and Care Wales, and complement a new Digital Strategy for Wales which will be published soon by Welsh Government.

Pack Page 11

13/62 96/284

Fuller,Sophie

06/29/2021 12:39:32

Welsh Community Care Information System (WCCIS)

The Welsh Government’s position on whether it considers the progress made

by the WCCIS Programme to date to be satisfactory. The Auditor General found

that the Welsh Government’s ambitious vision for WCCIS is still a long way from

being realised. The report showed that, “as at 31 August 2020, 19 organisations

were using WCCIS or had signed deployment orders, with four in active negotiation

and six yet to commit. Of the 19 organisations, 13 local authorities and two health

boards had gone live. However, ‘live’ can mean different things. Differences in how

organisations are choosing to deploy WCCIS currently limit opportunities for

integrated working and raise other value for money issues”. There was an initial

estimation that all local authorities and health boards could be using the system by

the end of 2018.

Welsh Government welcomes the recent report and recommendations by Audit

Wales. The report acknowledges the ambition and inherent complexity of the

WCCIS programme, which are reflected in the unique governance arrangements and

the partnership approach which brings together local government and the NHS at the

leadership level.

The Programme has not achieved its original estimation that all local authorities and

health boards would be using the system by the end of 2018 and Welsh Government

accepts that this was an over-ambitious target.

Since 2019 the Welsh Government has provided increased funding support to the

WCCIS Programme and NHS organisations through the DPIF, and to Local

Authorities through the Integrated Care Fund. Covid-19 response has had an impact

on WCCIS delivery during 2020, as it has had on other strategic transformation

programmes. Welsh Government is working with the Programme leadership to

implement the recommendations from the Audit Wales report and to identify ways in

which deployment orders and ‘go live’ can be accelerated.

Whether the Welsh Government still considers that a single system rolled out

across 29 organisations is necessary to support its efforts to deliver seamless

and integrated health and social care. And, if so, what it will now be doing to

drive further roll out before the end of the contract term, including any key

milestones or update on scheduled go live dates. The report notes that “…the

Welsh Government still considers that a national approach to information sharing

between health and social care is an appropriate model to enable the co-ordination

of care within the community”. It also found that despite efforts to accelerate the

process, the prospects for full take-up of WCCIS and benefits realisation remain

uncertain, and some important issues remain to be resolved. For example, around

the functionality of the system, data standards and benefits reporting.

Pack Page 12

14/62 97/284

Fuller,Sophie

06/29/2021 12:39:32

As set out in A Healthier Wales, Welsh Government considers that a single digital

system rolled out across all organisations will be an important enabler of integrated

working and seamless delivery of services across health and social care.

Welsh Government is committed to supporting the WCCIS programme to make

progress on deployment and adoption to the end of the contract term. Welsh

Government welcomes the recent report by Audit Wales, and accepts the

recommendations:

1. Before committing further central funding, Welsh Government should work with the WCCIS National Programme Team, health boards, local authorities and the supplier to:

a. Produce an updated business case; b. Ensure organisations have the necessary capacity and support to

implement WCCIS; c. Develop clear, national feedback from front-line users about the

performance and functionality of the system.

2. Welsh Government should work with the National Programme Team to consider how the WCCIS contract might have been strengthened to support and incentivise delivery and manage risk; and how relevant lessons can be applied to any future contracting arrangements

Welsh Government is working with the Programme to take the recommendations

forward and to explore options which would strengthen leadership, delivery and

contractual arrangements. Welsh Government is also working with the programme

leadership and other stakeholders and partners to review the programme’s technical

priorities and approach, as part of discussions on delivery timetable and milestones.

Since the WCCIS programme was conceived there has been a change of strategic

approach in relation to digital health and care records, in particular a commitment to

implement common standards and open architecture, as described in the 2019

Digital Architecture Review.

All of this work will be informed by lessons learnt from Covid-19 response, for

example for the all-Wales contact tracing service, which is used as a common

platform by 31 NHS and local government organisations. Although the contact

tracing system is new and is far simpler in terms of functionality than WCCIS, it has

demonstrated the value and effectiveness of cloud hosting, and the use of common

standards for data, user interfaces and reporting.

Update on the anticipated costs of the hardware refresh outlined in the report

and the proposed approach to meeting any shortfall in funding. We would also

welcome clarification of how the value for money of the hardware refresh is

being considered alongside any potential system upgrade to a new software

Pack Page 13

15/62 98/284

Fuller,Sophie

06/29/2021 12:39:32

platform hosted in the Cloud and whether an earlier decision on the software

platform could have negated the need for the hardware refresh. The Auditor

General found that the Welsh Government has approved approximately £1 million to

fund a contractually required refresh of the hardware supporting WCCIS. Potentially

the refresh will cost more than the amount secured and organisations that have

signed deployment orders are liable to pay a share of any additional costs. The

report also found that before the end of 2020-21, the [WCCIS] National Programme

Team expects to complete a detailed appraisal of the costs, benefits and risks of

moving to a newer version of the system hosted on the Cloud.

The requirement for a hardware refresh was anticipated in the original All Wales

Deployment Order and the Master Services Agreement in March 2015. The timing

of the refresh, as detailed in Clause 11 of the All Wales Deployment Order, is that it

must be in place by 31 March 2021. The reasonable cost of this refresh falls to the

contracting Authority on behalf of the users.

To consider value for money, the Programme has undertaken a formal Options

Appraisal, which considered a range of approaches including a new cloud hosted

software system. This process has concluded that a hardware refresh maintaining

current system offered the best value for money, notwithstanding an increased cost

of £1.93m, compared to the original forecast of £1.0m. The difference arises from

essential system and server software licences required for the refreshed hardware,

which had not been provided for. Including this increased cost, the WCCIS

Programme’s forecast capital expenditure to March 2022 is £9.6m, which is within

the £9.9m forecast in the FBC to the same date.

The WCCIS Programme has advised Welsh Government that an earlier decision

regarding the hardware refresh would not have resulted in a different outcome or

have enabled a shift away from managed hardware to a cloud hosted service,

because the current cloud version does not provide parity of functionality with the

currently deployed version in Wales.

As noted in the Audit Report, the National Programme has commenced work on a

Strategic Options Review. The timetable for this work has been impacted by Covid-

19 pressures. To ensure adequate engagement with stakeholders and users this

work will be undertaken during 2021-22.

The Committee requests a copy of the expected annual report on the progress

of the programme for the period to the end of March 2020 and a summary of

any additional evidence that the Welsh Government and National Programme

Team would point to around benefits realisation. The report notes that the Welsh

Government is expecting the National Programme Team to produce a

comprehensive annual report on the progress of the programme, starting with the

period to the end of March 2020. That report was delayed by the Covid-19

pandemic. When the Auditor General asked for evidence of local and regional

Pack Page 14

16/62 99/284

Fuller,Sophie

06/29/2021 12:39:32

benefits his team received limited feedback. However, the National Programme

Team’s statement at the time of publication said that WCCIS is ‘already making a

difference’ and that the organisations that have gone live are ‘seeing the benefits’.

In August 2020, the National Programme has produced a renewed three year

Business Plan, which has been attached at Annex C. In light of the Covid-19

pandemic and the recent Audit Wales report into the programme Welsh Government

has agreed that an annual report on progress, will be produced for the year to March

2021. This annual report will include initial outputs from the work to establish a

national benefits reporting framework. This has been developed in partnership with

the Regional WCCIS Programmes and work has already commenced on the

implementation plan.

Welsh Government also continues to receive quarterly monitoring and management

reports as part of regular DPIF governance arrangements.

Update on progress delivering mobile functionality within WCCIS including the

latest position and any results from the mobile pilot and progress in taking

enhanced functionality into testing. The report states that: “Under the original

contract requirements, WCCIS must be capable of working on a mobile platform via

wireless and 3/4G so that it can be accessed by NHS and local authority staff

working in the community. A version of the mobile application based on the original

requirements is now scheduled to be piloted before the end of 2020. The pilot has

been delayed in part due to the impact of Covid-19 and the capacity of local

organisations to support this work. Enhanced functionality has also been agreed and

is due to go into testing shortly, for example to include appointments management”.

Welsh Government has been advised by the WCCIS Programme that the pilot

version of the WCCIS Mobile App, which has been delayed by Covid-19, will be

available by March 2021. The pilot will deploy version 1.3 of the app, which has

been made available by the supplier alongside the current release of the core

software (the second of four releases under the agreed functional delivery roadmap).

Welsh Government has agreed with the WCCIS Programme that it will provide

regular updates on the progress of the pilot, through testing and subsequent

deployment to pilot and live phases, as part of regular monitoring and reporting.

Issues Relating to other Specific Systems and Outages

Update on progress delivering the CaNISC replacement and confirmation that

all secured funding remains available. In November 2019, the Welsh Government

confirmed that it had approved £7.5 million to replace CaNISC and stated that the

replacement programme would be complete by November 2022, but that it would to

try to make it happen ‘more quickly’.

Pack Page 15

17/62 100/284

Fuller,Sophie

06/29/2021 12:39:32

Welsh Government remains fully committed to delivering the CaNISC replacement

as early as possible and the required funding remains available and committed.

The Cancer Informatics Programme Board leads delivery of the CaNISC

replacement and has reviewed options to accelerate the programme timetable, or to

bring forward key elements of the programme. In September 2020 the Board

reviewed the delivery timetable again due to the need to relocate national services

from Blaenavon Datacentre to a new datacentre facility.

The Programme Board noted the progress which has been made in 2020 on

including CaNISC data in the main electronic health and care record, so that it can

be viewed through other national systems such as the Wales Clinical Portal. As well

as clinical benefits this also provides additional resilience for cancer information

services.

The Programme Board’s review has identified twelve workstreams which will be

accelerated: Multi-Disciplinary Meeting (MDM) outcome, Radiotherapy Treatment

Data, Palliative Care, Chemotherapy (SACT) Treatment Data, Data Reporting,

Screening and Colposcopy, Inpatients, Radiotherapy Requesting (IRMER),

Outpatients, Adverse Reactions & Patient Warnings, VCC Welsh Patient

Administration (WPAS) implementation, and Investigations (Histology results).

CaNISC is a complex and fragile system which continues to be managed as a major

risk. Welsh Government, the Cancer Informatics Programme Board, and all

stakeholders are working hard to deliver a replacement at the earliest possible date.

Update on GP clinical systems, clarifying the current contractual position and

how that was arrived at from a procurement perspective. The Welsh

Government’s decision in October 2019 to terminate its contract with one of the

providers of GP clinical services left one remaining provider on the framework. In

November 2019, the Welsh Government noted that it was reviewing how to proceed,

with that review process likely to conclude in January 2020. In February 2020, the

Welsh Government noted that NWIS was working with the Health Boards and GP

Practices in Wales to establish new contract(s) with the GP System suppliers.

The procurement of General Practitioner (GP) clinical systems is led by the GMS

IM&T Programme Board, which includes representation from General Practitioner

Council (GPC) Wales, Royal College of GP’s (RCGP), Health Boards and Welsh

Government. Due to significant delays in delivery by one of the selected suppliers,

the Programme Board took the decision to remove that supplier from the framework

in October 2019. The Welsh Government is not itself a party to the contract.

The GMS IM&T Programme Board reviewed the options available to those practices

affected by the removal of the supplier, following which it resolved to undertake a

new procurement of a multi-supplier framework, in order to provide a choice of

system for those practices.

Pack Page 16

18/62 101/284

Fuller,Sophie

06/29/2021 12:39:32

The new procurement process was paused by the General Medical Services

Information Management & Technology (GMS IM&T) Programme Board in March

2020, due to Covid-19 pressures. An extension was agreed with their existing

supplier that it would continue to provide practices with support until 31 January

2021, with the option to further extend support until 31 July 2021 if required. The new

procurement was restarted in September 2020, through stakeholder and commercial

engagement, which has now been completed. The formal contract procurement is

expected to start soon.

Update on My Health Online to include: the number of people currently

registered to use My Health Online; work with GP system suppliers to ensure

that patients do not need to re-register; and progress in enhancing the

functionality available. In November 2019, the Welsh Government stated that

350,000 people were registered to use My Health Online, but that enhanced

functionality and requiring GPs to use the system, meant that ‘uptake will be greater

in future’. In February 2020, the Welsh Government committed to working with the

suppliers to address the registration issue around the transfer of data between

practices.

As of November 2020, there are 403 practices offering My Health Online (MHOL) to

patients and there are 407,496 patients registered for the service.

Work with GP system suppliers is linked to the outcome of the GP system

procurement; key functionality must be delivered by the relevant system supplier.

The current position is that:

- When a patient moves from one Vision practice to another the patient account can be re-linked;

- When a patient moves from an EMIS practice to a Vision practice, the account can be re-linked if a specific read-code and patient email address are available in EMIS for the patient;

- When a patient moves from one EMIS practice to another, the patient will need to re-register;

- When a patient moves from a Vision practice to an EMIS practice, the patient will need to re-register.

The digital response to Covid-19 has demonstrated that the public and patients are

willing to engage with modern digital services through apps (eg. the NHS Covid-19

App) and websites (eg. the Covid-19 test booking service). Using open architecture

and common standards, Covid-19 digital services have been deployed on a country

specific basis (contact tracing), on a multi country basis (proximity tracking), and on

a whole UK basis (test booking).

Pack Page 17

19/62 102/284

Fuller,Sophie

06/29/2021 12:39:32

My Health Online is not built in this way and there are no plans to develop additional

functionality within the existing system. Through the DPIF Welsh Government is

funding a new Digital Services for Public and Patients (DSPP) Programme which will

develop a range of user designed services through an open architecture and

standards based approach, in line with the principles set out in the Digital

Architecture Review, and informed by learning from Covid-19 digital response. The

DSPP Programme has undertaken extensive supplier engagement in 2020 and will

procure strategic development partners early in 2021.

Update on data outages and resilience to include, for the period since 31

August 2019, quarterly outage figures for the data centres and for CaNISC,

WLIMS and WCCIS. Also to include an update on any actions the Welsh

Government plans to take to strengthen data centre resilience. The Committee’s

2018 report found that “… the NHS in Wales is struggling to run its own data centres

with 21 outages in the first 6 months of 2018 – one outage every 9 days”. At its 2019

evidence session, the Committee returned to issues around outages at the

Blaenavon Data Centre and the resilience of CaNISC and WLIMS based on the

updated outage data supplied by the Welsh Government. The Welsh Government

stated that it had made additional investment in routine maintenance to make NHS

Wales IT systems more resilient and reduce outages.

Outages for the period since 31 August 2019 to 31 December 2020 for datacentres,

CaNISC, WLIMS and WCCIS are as follows:

Quarter Data

Centres

CaNISC WLIMS WCCIS Total

Sep 2019 0 0 0 0 0

Oct-Dec 2019 0 1 2 0 3

Jan-Mar 2020 0 1 3 1 5

Apr-Jun 2020 0 1 1 4 6

Jul-Sep 2020 0 3 3 2 8

Oct-Dec 2020 0 0 4 1 5

Total 0 6 13 8 27

Pack Page 18

20/62 103/284

Fuller,Sophie

06/29/2021 12:39:32

These outages include incidents which were intermittent, only affected some users,

or led to slow access, as well as those during which the whole service was

unavailable. The table also includes outages caused by third party issues (eg.

external non-NHS network failures); failures in other elements of national

infrastructure (eg. remote desktop services); and complications during planned

maintenance and upgrades which delayed system restart.

Welsh Government is supporting NWIS to relocate from Blaenavon Datacentre

(which is a ‘tier 2’ facility) to a more resilient ‘tier 3’ datacentre. The procurement of

a new facility has been completed and all services are forecast to have been

transitioned out of Blaenavon by the end of summer 2021. The majority of services

will be re-provisioned in the new facility, and the programme is identifying any

services which could be safely moved to cloud hosting, within the relatively short

timetable for planning and implementing the relocation of critical national services.

Additional investment to accelerate elements of a replacement system for CaNISC,

and a scheduled hardware refresh of WCCIS, is described above. In December

2020 there was a major upgrade to the Welsh Laboratory Information Management

System (WLIMS), which increased the capacity of the system to cope with the

volume of Covid-19 testing capacity and will enable new functionality. As part of

Covid-19 response Welsh Government has also supported increased bandwidth to

national datacentres and increased the capacity of other key elements of the national

network infrastructure.

All of these investments will contribute to resilience and help reduce the number and

duration of outages for national systems.

Auditor General Report on NHS Clinical Coding

The Committee has also noted the Auditor General’s recent report on NHS clinical

coding. While the report did not raise specific recommendations for the Welsh

Government, I would welcome a response to the issues raised under the suggested

four key areas for attention on page 33 of the report. These were around national

leadership and capacity, training and awareness raising, adopting recognised good

practice and using technology to drive improvements.

A Clinical Classification team has been established to provide co-ordination across

the key areas in the report.

- Leadership and Capacity – The Clinical Classification team chairs a regular meeting of clinical coding managers in Wales and also represents Wales at UK level clinical coding groups. The Classifications and Terminology Standards Team has increased the frequency of all-Wales meetings from quarterly to monthly, and uses Microsoft Teams to enable real-time joint working between coding managers and the NWIS team.

Pack Page 19

21/62 104/284

Fuller,Sophie

06/29/2021 12:39:32

- Training – The clinical Classifications team will procure and manage mandatory clinical coding training including a standards foundation course, a refresher course staff are required to sit every 2-3 years, and revision courses for staff sitting the National Clinical Coding Qualification (NCCQ) examination.

- Awareness Raising - A proof of concept dashboard allowing non-coding staff such as clinicians to view clinically coded data is being used to increase awareness of the contents of coded data and to highlight data quality issues (from a clinical perspective). This will be supported by e-learning packages for non-coding staff to highlight the importance of coding and good practice.

- Adopting Recognised Good Practice – The query helpdesk for clinical coding staff has been upgraded and made easier to access. A regular newsletter for clinical coding staff in Wales and a new user friendly intranet site is used to share learning and promote good practice.

- Using Technology to Drive Improvements - National clinical coding standards (both Welsh and UK) are available to clinical coding staff in Wales through the NWIS Clinical Classifications Standards Dictionary. This ensures a consistent, central repository of coding standards across all UHBs. This is supported by a clinical coding dashboard which checks submitted data, currently covering around 100 specific error types for diagnosis coding, with additional procedure codes error types in development.

Yours sincerely

Dr Andrew Goodall

Pack Page 20

22/62 105/284

Fuller,Sophie

06/29/2021 12:39:32

Annex A - Update on Wales Audit Office (WAO) and Public Accounts Committee (PAC) recommendations. 2018 WAO Recommendations

WAO Recommendations Narrative

Status

Recommendation 3 – “…The Welsh Government, NWIS and NHS bodies should agree a clear and achievable set of priorities for national informatics and resist adding new priorities without either deprioritising something else or adding new resources.”

The Digital Priorities Investment Fund and strengthened NWIS governance arrangements have been used to frame agreement at system level on priorities.

This has been supported by engagement with digital leads from all organisations, and with Directors of Planning, Directors of Finance, Chief Executives, and other national peer groups.

Covid-19 response has required rapid reallocation of resources which has been managed through dedicated Digital Cell governance arrangements.

Completed

Recommendation 4 – “…The Welsh Government, NHS bodies and NWIS should produce an open and honest assessment of what has worked and what has not so far and produce a clear and jointly owned plan for overcoming the known barriers to progress. These documents should be in the public domain so that NHS staff can see that their concerns have been recognised and are being addressed.”

Strategic Reviews of Digital Governance and Digital Architecture were completed in 2019 and published as part of evidence to the Public Accounts Committee. A public consultation on the new Digital SHA set out the functions alongside implementing a national digital governance framework. NWIS Audit Committee papers are published in line with general NHS Wales policy.

DHCW board meetings will be open to the public and key documents will be published, as per other NHS organisations.

Completed

Recommendation 5 - “…The Welsh Government should: (a) work with NHS bodies to develop options for strengthening representation of informatics at board level, including reviewing the merits of a board level Chief Clinical Information Officer (or equivalent) role; (b) work with NHS bodies to develop a clear action plan for the development of a cadre of senior clinician-informatics staff, in line with the recommendations of the Wachter review in England; and

DHCW will strengthen digital leadership within the wider NHS system through its board and its status as a Special Health Authority.

Health Boards and Trusts are strengthening digital representation at board level.

The A Healthier Wales Workforce Strategy published in 2020 and includes the development of a Digital ready workforce as one of its main themes led by Health Education Improvement Wales working alongside Social Care Wales.

Welsh Government is supporting the development of digital leaders through support for participation in the NHS Digital Academy and Digital Nurse

Completed

Pack Page 21

23/62 106/284

Fuller,Sophie

06/29/2021 12:39:32

2

(c) identify opportunities to strengthen the informatics voice at the most senior level in the Department for Health and Social Services, including reviewing whether and if so, how to strengthen the roles of the NHS Wales Chief Information Officer and Chief Clinical Informatics Officer in NHS Wales’ strategic decision-making process.”

Leaders. Welsh Government is also supporting the development of a Digital Skills Framework in partnership with a Welsh University, and is expecting to approve an NHS Wales Digital Intensive Learning Academy to start in 2021.

Recommendation 7. “…The Welsh Government should work with NWIS to improve the reporting of performance to tell a more balanced story of what is going well, where there are difficulties and why. Performance reporting should include information about progress against initial project plans, user satisfaction and concerns.”

Welsh Government has strengthened its governance and oversight of NWIS through several mechanisms including an NWIS Audit Committee, an Accountable Officer Letter, An approved IMTP, an escalation framework, and regular monthly monitoring meetings.

Once DHCW is established performance reporting arrangements will be consistent with those currently in place for HEIW and other NHS organisations.

Completed

Recommendation 8 – “…The Welsh Government should carry out a full cost-benefit analysis of the proposed investment, including the extent to which financial savings from new systems may enable funding to be redirected from existing services to invest in new informatics systems.

Welsh Government has committed significant increased investment through the DPIF for 20/21 and 21/22 financial years to support further digital priorities and the transformation pipeline.

Investment proposals are assessed and assured through regular governance processes including a Digital Scrutiny Panel for new proposals, a standard funding allocation letter for all programmes and projects, and SRO appointment letters for major programmes.

The DPIF is managed as a portfolio and has enabled an agile response to Covid-19 through 2020 including re-prioritization of resources. A cost-benefit analysis of Covid-19 and other strategic funding will be undertaken in due course, and will be informed by standard requirements included in funding letters on tracking realised benefits.

Completed

Recommendation 9 – “…The Welsh Government, working with NHS bodies and NWIS, should set out clear and agreed medium term funding plans for local and national ICT programmes. This should involve NHS bodies and NWIS working together before NHS bodies complete the first draft of their rolling three-year plans. It should also take

NWIS and NHS organisations are closely involved in the planning and the regular review of digital investment. Work to consolidate digital investment plans across NHS Wales through IMTPs now forms part of the IMTP planning cycle. This work has been delayed by Covid-19 response, which required a shift to quarterly planning in response to rapidly changing context.

The medium term strategic funding requirement is well understood but will need to respond to post-

Completed

Pack Page 22

24/62 107/284

Fuller,Sophie

06/29/2021 12:39:32

3

account of any future decision on funding required to deliver the strategy.

Covid-19 recovery challenges and opportunities through 2021-22 and beyond.

Recommendation 10 – “…NWIS and NHS bodies should work together to: (a) strengthen the relationship between developers and clinicians, particularly in designing and testing new systems and functions, so that there is a better collective understanding of what is wanted and what is possible; and (b) engage with managers to identify their information needs as well as the needs of clinicians.”

NWIS has worked closely with clinical users through national clinical groups and through direct engagement with users of existing systems and new programmes in development.

The new governance framework will strengthen clinical advice and assurance functions and provide transparency and accountability for user-led design of services and interfaces.

The new Chief Digital Officer for Health and Care, supported by the Chief Clinical Informatics Officer for Wales and Chief Technology Standards Officer for Wales will further strengthen governance and leadership in this area.

Completed

Recommendation 11 – “…The Welsh Government, NWIS and NHS bodies should work together to explore options to secure the experienced ICT staff and developers that NWIS needs within the context of a comprehensive workforce plan for NWIS and taking account of the ICT staff available to NHS bodies.”

A strategic workforce review which was due to be commissioned in 2020 has been delayed due to Covid-19 pressures.

The workforce review timetable has been revised to complete during 2021 and will allow it to take account of the A healthier Wales Workforce Strategy published at the end of 2020. The new CDO for Health and Care will also be in place to help shape the review as a professional lead, alongside an Organisational Change Programme being undertaken within the new Special Health Authority from April 2021.

By December

2021

Recommendation 12 – “…The Welsh Government, NHS bodies and NWIS should work together to ensure that: (a) there is a clear allocation of responsibility for achieving the benefits; and (b) there are clear responsibilities and processes in place for monitoring and reporting progress in delivering those benefits.”

Welsh Government has strengthened its governance and oversight of NWIS through several mechanisms including an NWIS Audit Committee, an Accountable Officer Letter, an approved IMTP, an escalation framework, and regular monthly monitoring meetings.

Investments supported through DPIF are assessed and assured through strengthened governance processes including a Digital Scrutiny Panel for new proposals, a standard funding allocation letter for all programmes and projects, and SRO appointment letters for major programmes. These arrangements include regular quarterly reporting and monitoring requirements for all activities, and additional engagement with major programmes.

Completed

Recommendation 13 – “…NWIS should review its process for managing change requests and where necessary make changes to: (a) provide clearer feedback to the service about how their requests have

NWIS have undertaken periodic reviews via the Change Advisory Boards (CAB's) on the backlog of changes to understand whether the change is still required or needs to be scheduled as part future releases for systems

Completed

Pack Page 23

25/62 108/284

Fuller,Sophie

06/29/2021 12:39:32

4

been dealt with and whether and when any changes can be expected; (b) remain open to minor changes that could have a significant impact in improving end users’ use and perception of the systems; and (c) provide clearer agendas and work programmes for the Change Advisory Boards to make them more focussed on enabling impactful improvements to systems.”

The NWIS CAB process depends on LHB members discussing change requirements with their users, which is a key requirement prior to formal submission to NWIS.

Users are able to monitor progress of all change requests via the minutes of the CAB meetings, and also via the Forward Schedule of Change both of which are accessible to all NHS Wales staff

2018 PAC Recommendations

PAC Recommendations Narrative Current Status

Recommendation 2 – “The Committee was also very concerned by the evidence we heard on system outages, infrastructure and resilience. Given recent evidence of further outages since we took evidence, we would like further assurance from Welsh Government that the systems are resilient. We recommend the Welsh Government set out a clear timetable for putting the digital infrastructure of NHS Wales on a stable footing.”

Welsh Government has prioritized DPIF funding in 2019-20 to upgrading infrastructure and devices and this has been continued as part of Covid-19 response.

There is a continuing programme of work planned through 2021-22 to replace legacy systems, to move national services from Blaenavon Data Centre to a new Tier 3 facility, and to increase network capacity and resilience across NHS Wales.

Completed

Recommendation 3 – “In the discussions on the use of Cloud computing and the impact of recent outages, it was deeply concerning that, when many consumer systems appear to have very robust performance and up-time, the NHS in Wales is struggling to run its own data centres with 21 outages in the first 6 months of 2018 – one outage every 9 days. The Committee recommends a review of the senior leadership capacity in terms of skillset and governance within both NWIS and the wider NHS Digital Team.”

There have been several changes to senior leadership roles in Welsh Government, NWIS, and NHS Wales since 2019. The establishment of DHCW from April 2021 will be a major change in leadership and governance.

The Centre for Digital Public Services is supporting a leadership development programme which will be offered to all NHS Wales boards during 2021.

Completed

Recommendation 4 – “NWIS is currently overstretched and improvement requires far more than simply pouring more money into the existing organisation, which is unlikely to achieve

DHCW is on track to be operational from 1 April 2021. The SHA Programme will support organisational changes within DHCW during its first year of operation and will ensure that these

Completed

Pack Page 24

26/62 109/284

Fuller,Sophie

06/29/2021 12:39:32

5

significantly different results. We recommend that any additional funding apportioned to NWIS needs to be tied to reorganisation to achieve the improvements that are required.”

are linked to new digital governance arrangements across NHS Wales.

Welsh Government is working closely with NHS digital leadership to strengthen delivery capacity and capability during 2021 to ensure that increased investment can be deployed effectively, alongside Covid-19 digital response activity, and existing systems and services.

Pack Page 25

27/62 110/284

Fuller,Sophie

06/29/2021 12:39:32

6

Annex B: Additional Digital Investment 2019/20 and 2020/21

£m

Digital services for TEC Programme & NHS Wales Video Consultations 3.9

public and patients Patient Reported Outcomes & DSPP Programme 1.3

Total, £m: 5.2

Transforming digital WCCIS Community Care System 6.4

services for Digital Labs (WLIMS 2016 & LINC) 4.5

professionals Remote Working - Teams and Office 365 Programme 4.2

CaNISC Cancer System 3.9

Digital Ward & Electronic Nursing Care Record Programme 3.7

Digital Eye Care Programme 2.4

Digital Prescribing & Medicines Management 2.2

Choose Pharmacy Programme 0.8

Total, £m: 28.1

Investing in data and National Data Resource Programme 8.3

intelligent information Digital Insights and AI Partnerships 1.9

Total, £m: 10.2

Modernising devices Infrastructure & Mobile Devices Investment 41.8

and infrastructure Data Centre Relocation Programme 2.4

Total, £m: 44.2

Cyber security NHS Wales Cyber Security Unit 0.4

Total, £m: 0.4

Cross-cutting Digital SHA Programme 1.0

investment Digital Communities Wales 2.6

Centre for Digital Public Services & Digital Leadership 0.4

Digital Health Ecosystem Wales & Industry Engagement 0.6

Total, £m: 4.6

Digital Priorities Investment Fund Total, £m: 92.6

Covid-19 Response Contact Tracing 4.3

Digital Programmes Vaccination 1.1

Covid-19 Response Digital Programmes Total, £m: 5.4

Total, £m: 98.0

Pack Page 26

28/62 111/284

Fuller,Sophie

06/29/2021 12:39:32

A Welsh Government Programme in partnership with NWIS and ADSS Cymru

System Gwybodaeth Gofal Cymunedol Cymru

(SGGCC)

Welsh Community Care Information System (WCCIS)

National Programme Plan

2020-2023

Version FINAL

Status: APPROVED

Authors: Kathy Mason/Karla Scott

Date: August 2020

Pack Page 27

29/62 112/284

Fuller,Sophie

06/29/2021 12:39:32

WCCIS – National Programme Plan 2020-23

Version: FINAL APPROVED Page 2 of 27 14/08/2020

DOCUMENT HISTORY

Revision History

Date Version Author(s) Revision Summary

24/02/2020 1.0 Kathy Mason First draft

09/03/2020 1.1 KM Revised draft

14/04/2020 1.2 KM Revised draft – including initial assessment COVID-19 impacts

07/05/2020 1.3, 1.4 KM/Karla Scott Revised drafts

15/05/2020 2.0 KM/KS Revised draft – aligned with updated NWIS IMTP

20/05/2020 3.0 KM/KS Draft for discussion at PDG

10/06/2020 3.1 KM Final draft for Leadership Board review

06/07/2020 3.2 KS Final draft incorporating LB feedback – Approved in principle by LB at meeting 10/07/2020, subject to Workstream &

Milestone updates

14/07/2020 4.0 KM Final draft aligned to workstream updates for LB final approval

20/7/2020 4.1 KM Minor amendment re strategic alignment with Social Care Digital Strategy p5

14/08/2020 FINAL Final approval confirmed at LB meeting 14/08/2020

Pack Page 28

30/62 113/284

Fuller,Sophie

06/29/2021 12:39:32



TABLE OF CONTENTS Background and context

Introduction ..................................................................................................................................... 4

Strategic Context ............................................................................................................................ 4

Vision, mission and benefits ............................................................................................................ 5

Objectives ....................................................................................................................................... 5

Scope ............................................................................................................................................. 6

Programme Structure ...................................................................................................................... 9

Governance .................................................................................................................................. 12

Risks and Issues ........................................................................................................................... 13

Programme reporting .................................................................................................................... 13

Progress to date

Leadership .................................................................................................................................... 14

Deployment to date ....................................................................................................................... 14

Stakeholder Engagement .............................................................................................................. 14

Regional Programmes .................................................................................................................. 15

Additional national funding support ............................................................................................... 15

Functional Delivery and Development Roadmap........................................................................... 15

Tech Refresh ................................................................................................................................ 15

Managing a complex landscape .................................................................................................... 16

Plans 2020 -23

Planning approach ........................................................................................................................ 17

High level milestones .................................................................................................................... 18

WCCIS COVID-19 Emergency Response ..................................................................................... 18

Priorities for the coming year......................................................................................................... 19

National Workstreams and Services ............................................................................................. 19

Workstream Plans ......................................................................................................................... 20

ANNEXES:

I Programme Milestones

Pack Page 29

31/62 114/284

Fuller,Sophie

06/29/2021 12:39:32



Background and context

Introduction

Welsh Government policy has for many years pursued a strategy of more integrated working

between Health and Social Care services, to support people to maintain independent

healthier lives in the community. The policy ambition is to provide high quality people

focused, local, integrated care: that is safe and effective; providing the right care at the right

time in the right place, from the right person. This requires underpinning digital information

solutions to support integration, sharing of information, and enable fundamental service

transformation.

In response, the WCCIS Programme is ambitious, and necessarily complex; bringing

together the core systems of a large number of organisations as a key enabler of

fundamental transformation in health and social care, in line with the government policy. It

is being implemented into a diverse landscape of cultural and organisational change in

health and social care across Wales. This strategic Programme is ground-breaking in the

UK and internationally; its timescales are long-term, requiring vision, tenacity and flexibility.

Strategic Context

Policy Drivers

The Strategic Drivers set out in the Programme Brief1 remain valid and have been further

strengthened by the publication of ‘A Healthier Wales’: long term plan for health and social

care, in June 2018, which specifically identifies WCCIS as the key digital enabler of the

policy. Setting out an action to, “accelerate progress towards a fully integrated national

digital architecture, the roll out of the Wales Community Care Information System, ……

alongside other nationally mandated services”.

Alignment with All Wales Health and Social Care Digital Strategy

NHS Wales has a national architecture which provides the platform, standards, governance

and architectural layers that enable the development and implementation of applications to

support front-line healthcare services.

The WCCIS Programme has, with its stakeholders, identified a set of interfaces required

with the NHS Wales national architecture.

The recent Review of the NHS Wales Architecture confirmed that overall the WCCIS

Programme is consistent and remains strategically aligned with the NHS Wales Digital

Strategy. How documents and other clinical information will be shared across systems in

1 WCCIS – Implementation: Programme Brief. First published August 2015; Reviewed and updated Feb 2017

Pack Page 30

32/62 115/284

Fuller,Sophie

06/29/2021 12:39:32



an open architecture model will be considered as part of the response to the Architecture

Review. The WCCIS requirements in this area will be taken forward within the wider context,

with WCCIS a good candidate for developing and testing the approach.

Work is also underway on a National Data Strategy for Social Care in Wales, the Information

Management Workstream of the WCCIS Programme is participating in the development of

this strategy and subsequent implementation work, as a key stakeholder.

Vision, mission and benefits

The overall vision of the programme was reiterated and confirmed at the WCCIS Awayday

on 28 January 2020, with stakeholders, Programme SROs and the Director General for

Health and Social Services and the NHS Wales Chief Executive, as follows:

“WCCIS is the key digital enabler of fundamental transformation in health and

social care, in line with government policy: Informed Health and Care; ‘Once

for Wales’; the Social Services and Well-being Act, and ‘A Healthier Wales’.

Connecting professionals to provide better joined up care”

This vision encapsulates a set of high-level system-wide benefits that will be enabled by

the digital capability, see Figure 1: Vision & Benefits, below. These will be increasingly

available as the Programme advances. Benefits are available to individual services and

organisations from implementing the digital system into existing ways of working, particularly

where these are still paper based. However, to fully realise the benefits available, system-

wide deployment of the digital capability by all organisations needs to underpin service

change and increasingly integrated working. The Programme provides national support and

coordination, working in partnership with the Regions to support benefits realisation across

localities, regions and ultimately All Wales.

Our mission is to implement a new, national IT system (WCCIS) as the key digital enabler

to Wales becoming the first country in the UK to have a single integrated community health

and social care record system for its citizens.

Objectives

As set out in the Business Case and the Programme Brief, high level objectives are as

follows:

To support community-based services to deliver more effective and efficient

services to citizens in their own homes.

To support emerging service models and service redesign - through provision of

supporting infrastructure, application and Information Governance models

Pack Page 31

33/62 116/284

Fuller,Sophie

06/29/2021 12:39:32



To support efficient technical development - through delivery of ‘Once for Wales’

principles and ‘national’ specifications, procurement and Technical design costs

reduced

To stimulate and accelerate the implementation of CCIS and secure take up by

participating organisations.

Scope

The scope of the Programme is to ensure delivery of the digital capability which has been

specified as required to enable local and regional service transformation in the form of

integrated health and care services; and to support and encourage its implementation

across Wales.

Delivery of digital capability

The joint health and social care procurement process concluded in 2015/16 providing an All-

Wales contractual framework which all 7 Health Boards and 22 Local Authorities in Wales

can use for delivering a fully managed Community Information Solution for community health

staff and social workers. The contract duration is 8 years from March 2015, with an option

to extend for up to a further 4 years. Legal and commercial advice is that it could be further

extended for 3 years after that.

The WCCIS is a full case management system, providing diary/clinic management, waiting

list management and bed management functionality.

Implementation across Wales is underway, as well as ongoing delivery of remaining

software functional requirements under the contract.

Services

The contracted managed service for a Community Information Solution from

Careworks/Advanced comprises a whole system solution for the support of Social Care,

Community Health including Nursing, Allied Health Professionals and Mental Health and

consists of a comprehensive range of services including hardware, software, training,

testing, implementation, maintenance, project management support and other associated

services.

Utilisation, business change and benefits realisation

The National Business Case outlined the system-wide benefits anticipated from adopting a

single national solution and Authorities taking advantage of the All Wales licence.

The responsibility for implementing and using the digital capability made available under the

Programme, and in delivering the transformation and benefits, rests with the Regions and

their constituent local organisations.

Pack Page 32

34/62 117/284

Fuller,Sophie

06/29/2021 12:39:32



The National Programme is responsible for stimulating and accelerating implementation;

working in partnership with Regions to ensure these responsibilities and objectives are

aligned and supported.

Pack Page 33

35/62 118/284

Fuller,Sophie

06/29/2021 12:39:32



Figure 1: Vison & Benefits

Pack P

age 34

36/62 119/284

Fuller,Sophie

06/29/2021 12:39:32



Information management and standards

A key element of a national approach is the requirement for shared information governance,

standards, infrastructure, security and confidentiality to ensure that data is accurate,

interoperable, consistent and accessible in real-time.

The Welsh Government is responsible for setting mandatory national data standards and

reporting requirements for the services covered by the WCCIS Programme.

The Programme is working in partnership with WG, NWIS and professional leads of the

services in scope to establish nationally consistent information and reporting standards,

which the Programme is then responsible for ensuring the WCCIS solution can support.

Costs

In 2015/16 Welsh Government provided a capital grant to fund: centralised hardware, PSBA

circuits and the All Wales software licence. Participating Authorities’ revenue and

implementation costs are the responsibility of the individual organisations.

Subsequently in 2019/20, as part of the Digital Priorities Investment Fund, Welsh

Government provided additional capital and revenue to support the Programme at national

level and to support a proportion of Health Boards’ revenue costs for up to three years.

Programme Structure

To enable achievement of the vision, benefits and objectives, the Programme has identified

a set of high-level enablers, within its scope as follows:

Ensure usability, quality & safety of digital functionality for all services in scope

Support effective deployment and utilisation for the solution, enabling business

change and benefits realisation

In partnership with Welsh Government, NWIS and National professional leads and

informatics services, lead and support development and implementation of

information and reporting standards

Ensure delivery, availability and performance of the contracted managed service and

future developments

To deliver these enablers the Programme is organised into a series of Workstreams and

National Services, see Figure 2: Programme Planning Structure, below.

It is unusual for a transformation programme to include elements of business as usual (BAU)

services. This arises from the fact that this is a long-term programme which spans the whole

digital system lifecycle; from procurement, through implementation, to live running; and

where individual organisations have autonomy in deciding when and how to deploy the

digital capability. To maintain national coordination across, ultimately twenty-nine

Pack Page 35

37/62 120/284

Fuller,Sophie

06/29/2021 12:39:32



organisations, spanning every stage of deployment, the Programme incorporates National

Services under its coordinating umbrella, alongside Programme Delivery Workstreams.

Pack Page 36

38/62 121/284

Fuller,Sophie

06/29/2021 12:39:32



Figure 2: Programme Planning Structure

Pack P

age 37

39/62 122/284

Fuller,Sophie

06/29/2021 12:39:32



Governance

To ensure appropriate and effective accountability, support responsibilities, and ensure

communication and engagement, an overarching joint Health and Social Care National

Governance Model is in place. This has been refined and updated during 2019/20 and the

latest Model is set out in a separate document2.

These governance arrangements reflect the fact that only through collaborative endeavours

can the Programme support delivery of the shared vision of digitally enabled transformation

in community health and social care for Wales and the benefits to its citizens.

The programme is funded and sponsored by Welsh Government and delivered in

conjunction with delivery partners:

NWIS - hosting national resources and funding and providing informatics expertise,

infrastructure, operations and service management support;

Regional WCCIS Programme Boards, in the context of their Regional Partnership

Boards.

In summary, the governance structure is as follows:

2 WCCIS Governance Model, May 2019.

Figure 3: Governance Structure - overview

Pack Page 38

40/62 123/284

Fuller,Sophie

06/29/2021 12:39:32



Risks and Issues

The PMO will maintain a risk and issue log at overall Programme level. This will comprise

the risks and issues logged by the National Boards and the PDG and escalated to them from

the constituent Workstreams and Services. The PMO log will also indicate where there has

been escalation to the Leadership Board or beyond. This log forms part of the regular

Programme reporting pack3.

Escalations from Regional Programmes will go to the PDG, who may refer them to another

National Board where appropriate.

Escalations regarding the live system and service from user organisations will go to the

SMB.

National Boards may in some cases escalate risks and issues to their external stakeholder

groups. This will be reflected in their log.

Programme reporting

Reflecting the complexity of the programme and the expanse and diversity of stakeholders

the Programme is required to report to a range of structures and forums. To ensure an

efficient and coordinated schedule of reporting a Programme Reporting Structure and

Format3 has been established to accompany the Governance Model. In line with this the

National PMO will prepare a set of regular reports for Welsh Government, Leadership Board

and other National Boards and using a set of reporting components across a reporting

matrix.

3 WCCIS - Programme Reporting Structure and Format 2020-21

Figure 5: Escalation routes

Pack Page 39

41/62 124/284

Fuller,Sophie

06/29/2021 12:39:32



Progress to date

Leadership

Since its inception, the Programme has benefited from senior and continuous leadership,

supported by a strong governance framework, based on best practice programme

management approaches. At key development stages of the Programme the Leadership

Board have taken stock of progress, learned lessons, and initiated steps to address

identified risk and issues. This has enabled the programme to be flexible and respond to

emerging challenges, to adjust and remain aligned with the evolving transformational

landscape made up of a high number of ‘moving parts’, diverse stakeholders, differing

priorities and a complex web of dependencies where progress is not uniform.

Deployment to date

At the end of 2019 – 20 the deployment status and pipeline are summarised as follows:

Stakeholder Engagement

The Awayday held in January 2020 sought to strengthen the links with the Regions. Bringing

the Regional and National teams to identify and enable discussion of next steps required to

establish formal structures for working together, sharing and aligning plans and priorities,

and ensuring available resources are effectively deployed to achieve the collective vision,

Pack Page 40

42/62 125/284

Fuller,Sophie

06/29/2021 12:39:32



aims and objectives. Following the Awayday the Programme Delivery Group has been

relaunched bringing national and regional leads together in a single forum.

Regional Programmes

Each Region is working on transformation of services and working towards increasing levels

of integration under the auspices of their Regional Partnership Boards. Most Regions now

have a focused WCCIS Programme, and the development of these has been supported by

further funding from the Integrated Care Funding for this and next financial years and there

has been measurable growth in maturity of some Regional Programmes over the past 12

months.

Additional national funding support

A funding bid to Welsh Government’s Digital Fund has been successful. This is will support

additional resources for the national delivery function. The deployment of these resources

will be overseen by the new PDG, with the aim of achieving maximum impact in achieving

the jointly agreed priorities.

In addition, this funding seeks to support an acceleration of deployments, particularly by

Health Boards. This provides funding over three years to support Health Boards with new

revenue streams arising from the implementation of digital systems to replace manual,

paper-based systems.

Functional Delivery and Development Roadmap

The Programme Commercial and Contract Management team, with support from

stakeholder representatives, negotiated a significant contract variation with the Supplier,

which was signed in November 2019. This addressed the issue of outstanding and delayed

functionality, removed some requirements that had proved to be commercially and

technically unfeasible, and included some additional functionality identified as key priorities

by stakeholders. This has been set out in a Functional Delivery Roadmap (FDR), against

which progress is now being tracked by all stakeholders and is supporting the Commercial

and Contract Management team to hold the Supplier to account.

Tech Refresh

Building on this, the next step is to agree the future roadmap of the solution and its hosting

platform. Under the MSA, there is the requirement for a refresh of the hardware in Year 6,

March 2021. This was factored into the approved Full Business Case and the Programme

Plan has anticipated the requirement to fund the capital costs. Participating Authorities are

also aware of this requirement and their obligation to contribute to these costs, as part of

their signing Deployment Orders.

Pack Page 41

43/62 126/284

Fuller,Sophie

06/29/2021 12:39:32



Alongside the hardware refresh required under the contract, to be in place by in March 2021;

the Supplier, Careworks Ltd, has confirmed that the underlying platform Microsoft Dynamics

2011 would be out of support by July 2021. Discussions have been underway with the

Supplier for some time regarding the identification of options and delivery of a set of

proposals for decision by the Programme

These discussions are in the context of technology that has moved on since the contract

was first signed, digital strategies have been updated; thus, replacing the hardware ‘like for

like’ (Do Minimum option) may not be the best vfm option. Options need to encompass the

potential to move the solution to Cloud hosting, alignment with Wales’ strategic plans in

respect of Microsoft more widely, and the potential to migrate to a next generation version

(known as CareDirector Version 6) of the system.

Since the acquisition of Careworks by Advanced, the Programme has worked with them to

expedite these proposals. Reaching agreement and enacting them is a priority for the

Programme in 2020/21,

Managing a complex landscape

Inevitably with a Programme of this size, timetable and complexity, challenges continue to

arise. The strengthened governance, now largely in place will be key to enabling the

Programme to anticipate and respond; ensuring that impacts are understood and required

changes are dealt with in a controlled and managed way; ensuring the vision remains valid

and aligned with national policy and regional priorities; that the business case is still relevant

and that benefits are optimised.

Transformational landscape with lots of

‘moving parts’

Need to be constantly aligning

national/regional/local plans and priorities

Pack Page 42

44/62 127/284

Fuller,Sophie

06/29/2021 12:39:32



Plans for 2020 – 2023

The current planning cycle is aligned with the Digital Priorities Investment Funding (DPIF),

the Integrated Care Fund (ICF) and with the planning horizon of key delivery partner, NWIS;

which overall, cover the three years from April 2020 to March 2023.

In this timeframe it is the aim that all Authorities will have signed Deployment Orders and

that implementation activities will be reducing, if not completed, and that the Delivery

Programme will be handing over to ongoing operational business as usual and service

management at a national level. Ongoing national activities are also anticipated, to support

and coordinate benefits realisation and sharing business change knowledge and best

practice across the Regional Programmes.

This three-year cycle sits within the twelve-year contractual framework, which comprises an

initial eight-year timeframe from March 2015 to 2023, with a four-year extension phase, until

2027. Commercial advice has also confirmed that a further three years would potentially be

available under current procurement regulation.

Planning approach

To achieve its vision, aims and objectives, the National Programme requires a collaborative

and consultative approach by all parties to manage the alignment of priorities, dependencies

and risks and optimise the outcomes and ultimate benefits across the system. Maintaining

a workable and optimal balance across these elements requires collaboration and

sometimes a willingness to accept some compromises in one area in order to achieve the

overall vision and aims and the benefits across the All Wales health and social care system.

The planning approaches adopted need to support a developmental, iterative, learning

process; to identify and respond to challenge, change, and shifting priorities quickly; assess

their impact across the Programme and ensure that the optimum balance is maintained.

To support a structured approach to managing this complexity, the Programme utilises the

tools and approaches of the Managing Successful Programmes (MSP®) methodology the

best practice public sector programme management approach. In line with this the National

Programme is organised into a series of Workstreams and National Services which are

overseen by the National Boards and the Programme Delivery Group (see Figure 3:

Governance Structure – overview, above).

Workstream plans, reflecting the need to be flexible, are developed on a quarterly cycle.

Dependencies and co-production across Workstreams required to deliver Programme

Milestones and Key Deliverables are managed using ‘Tranches’. To support communication

and monitoring of the Workstreams the PMO will support Workstreams using the TIP

methodology.

Pack Page 43

45/62 128/284

Fuller,Sophie

06/29/2021 12:39:32



In certain of the workstreams some of the deliverables are themselves detailed plans, e.g.

in the Functional Delivery Workstream, a key deliverable would be the development, testing

and implementation plan for a specific release of the software. These types of plans will

form a key dependency for the participating organisations as part of their detailed local

planning and management.

High level milestones

The Programme Milestones are set in the context of each of the Key Enablers and are

included in Annex I. They seek to ensure achievement of the overall aims and objectives

of the programme. Each year, or more frequently if required, they will be updated taking

account of progress to date and priorities agreed with the stakeholders via the governance

arrangements.

WCCIS COVID-19 Emergency Response

In week commencing 16 March 2020 an initial assessment of the anticipated impact of the

National Emergency was undertaken and a WCCIS Programme COVID-19 Emergency

Response was prepared and approved by SROs on 20/3/2020. This identified the following

priorities for resources and activities:

Priority 1: Business continuity of live service - Ensuring that the live service remains

available

Communications - Ensuring fast and effective lines of communication and

escalation are in place and working across all stakeholder individuals,

organisations and groups

Priority 2: Fast tracking - Identifying and expediting the development and roll out of

additional functionality or additional ways of using the system that could help

the emergency

Priority 3: Impact assessment and management of delays to the development and

deployment across the programme - This includes service delivery,

commercial and contractual, resourcing etc.

A Bronze Community COVID-19 Response Group was established, reporting jointly into the

NWIS Gold Command structure and the Leadership Board. This group included

representation from all Regions and all live WCCIS sites, it has met, alongside BAU

Programme Boards and Groups, since March, to ensure the above priorities were being

addressed. The Bronze Group was formally stood down at the end of June and any

outstanding activities and escalations were formally transferred back to BAU governance

arrangements.

Pack Page 44

46/62 129/284

Fuller,Sophie

06/29/2021 12:39:32



There has been impact on the draft Programme Plan, as it was originally set out in March

2020. The March version of the Plan was not formally approved by the Programme

Leadership Board as Board agendas were adjusted to prioritise the COVID-19 response.

This final version of the Programme Plan has been revised since March to take account of

the known and anticipated impacts of COVID-19.

Priorities for 2020/21

Key priorities for the coming year, adjusted for COVID-19 impact, include:

Working in partnership with WG and NWIS to establish the Community Information

Management Board structure and constituent Information Development Boards,

supporting proactive national coordination of information management and data

standards and developing national reporting standards across all service areas;

which the Programme is then responsible for ensuring the CareDirector system can

support.

Formal options appraisal for the required Technical Refresh and Business

Justification Case for any additional funding requirements to implement the

recommended option. Subsequently, conclude commercial and technical

agreements with the Supplier for the agreed technical refresh, and confirm the

development roadmap for the product and service to the end of the contract period.

Assessing the impact on the current FDR and deployment pipeline arising from the

technical refresh and agree an updated set of plans with the Regions and

Participating Authorities. This needs to take account of the impact of delays to

delivery, exacerbated by COVID-19, against the contracted FDR timetable

Ongoing assessment and management of COVID-19 impacts in order to maintain

progress of national programme deliverables, and monitor and support regional and

local deployment plans .

Assessing and responding to recommendations from the Audit Wales Review,

expected to be published in September 2020; revising priorities and workstream

plans for Q4 and beyond, as required.

Agree and implement developments to national service and operational management

to oversee BAU and ongoing improvements to performance and service delivery.

National Workstreams and Services

Following the Governance review and restructure in 2019, the Programme organisational

structure has been reviewed and the revised structure is set out in Figure 4: Programme

Workstreams and National Services, below.

Pack Page 45

47/62 130/284

Fuller,Sophie

06/29/2021 12:39:32



The National Workstreams and Services are overseen and managed by the National

Programme Management Boards and the Delivery Group (see Figure 3: Governance

Structure – overview, above) in line with their Terms of Reference. Each Workstream has

a Workstream Lead, who is accountable to the appropriate National Board or the PDG. Each

Workstream also has a Regional ‘buddy’ assigned to promote closer working between the

National and Regional teams.

The Programme Delivery Workstreams, including the Information Management

Workstreams are set out as part of this Programme Plan, these include:

PMO

Functional Delivery Support

Integration

Implementation Support

Information Management

National Services are overseen by the WCCIS Service Management Board (SMB) in line

with their Operating Models, as they are agreed by the SMB, these include:

Operations – providing national configuration, design, standards and assurance;

managing changes and new releases to the software in line with agreed processes;

coordinating incident and problem management between the managed service and

national infrastructure; and coordinating integration support and management with

the NHS national architecture.

Service management – providing national coordination and support of the service

management of the live solution and new releases

Commercial and Contract Management function - This comprises professional and

financial management support from NWIS, available as provided to the wider NWIS

portfolio. It supports delivery of the requirements under the contract, managing the

MSA on behalf of Bridgend CBC and participating Authorities; providing commercial

expertise and guidance to the Programme, and coordinating across the commercial,

financial and contract framework; and assuring participating Authorities’ Deployment

Orders

Workstream Plans

Each Workstream has its own set of deliverables that feed into the overarching delivery and

Programme Milestones set out in Annex I.

Pack Page 46

48/62 131/284

Fuller,Sophie

06/29/2021 12:39:32



A number of the Programme Milestones which depend on input, resources and collaboration

with delivery partner NWIS have been included in the NWIS 2020 – 23 Integrated Medium-

Term Plan (IMTP). These are highlighted in Annex I.

Each Delivery Workstream maintains an overall Workstream Plan, Quarterly TIPs, and a

Risk and Issues Log. In some cases, key deliverables within Workstreams are themselves

detailed plans, e.g. the implementation and testing plans for software and integration

releases.

Skills and resources within the Workstreams deliver agreed outputs to contribute to the

delivery of individual Projects and Tranches that make up the overall Programme.

Since March, the following COVID-19 related impacts, reflected in the milestone plans in

Annex I, are of note:

Prior to the COVID-19 situation progress was being made in recovering the delays to

delivery and implementation of the FDR, however, the COVID situation crystallised

and added to existing delays as at March 2020. The acceptance testing and

implementation of software release r5/2/13 was directly affected; however, the

release successfully went live on 13 July 2020. The piloting of the Mobile App v1.3

was stalled, due to frontline staff capacity, this is now being re-planned.

Delivery milestone acceptance and commencement of testing of r5/2/15 and the

accompanying Mobile App v1.4, is also affected, with commencement of testing now

delayed against original plans. With anticipated continuing limitations on staff,

increased risk levels have been logged against the anticipated timelines for testing to

complete and for acceptance into production/live. Mitigation and a review of the plans

are underway.

The delays in the FDR, which should have fully completed by Q4 this year, is now

impacting the planning and timelines for the future roadmap and tech refresh, which

has some ‘hard stop’ deadlines in the critical path. This will increase the complexity

and risk profile of the options for the tech refresh, this is noted and included in the

current and planned work in this area.

Pack Page 47

49/62 132/284

Fuller,Sophie

06/29/2021 12:39:32



Figure 4: Programme Workstreams and National Services

Pack P

age 48

50/62 133/284

Fuller,Sophie

06/29/2021 12:39:32



ANNEX I – High level milestones and key deliverables

Key to Milestone Tables

Programme Milestone – (In Bold if included in NWIS IMTP)

Programme Milestone TBC

COVID-19 impact = delay

COVID-19 impact = acceleration

C-19

Delay

C-19

Pack P

age 49

51/62 134/284

Fuller,Sophie

06/29/2021 12:39:32



KEY ENABLER: Ensure usability, quality & safety of digital functionality for all services in scope

Responsible Board: PDG

Workstream(s): Functional Delivery/Integration/Commercial & Contract Management/Operations/Implementation Support

2020/21 2021/22 2022/23

Q1 Q2 Q3 Q4

Improved processes and ways of

working with Supplier agreed

Improved processes and

ways of working with

Supplier fully implemented

Approved FDR

recovery plan – post

COVID

5/2/13 Milestone 2 – Product Available

5/2/13 Milestone 3 – Stable Operations

MPI – Product Available

(PDQ/PIX/Inbound)

5.2.15 & Mobile App Integrate v1.4 –

available for testing

Confirm scope of 5/3 5/3.1

Mobile App Integrate v1.3 Available

for Pilot

5/2/15 & Interfaces & Mobile

App Integrate v1.4 Milestone

2 – Product Available

Validated Use Cases 5/3 5/3.1 (core &

integrations) & identify funding for

enhancements

5/2/15 & Interfaces & Mobile App

Integrate v1.4 Milestone 3 – Deployed

and SO achieved)

Updated Functional Delivery &

Development Roadmap, post COVID

agreed with Supplier and Stakeholders

Approved Business Case and

funding identified for tech

refresh

Tech Refresh decision re: HW Refresh

reqs by 31/3/21 implemented

Update FDR & SW implementation

plans in line with Tech Refresh

decision

Implementation of Tech Refresh

decision

Pack P

age 50

52/62 135/284

Fuller,Sophie

06/29/2021 12:39:32



KEY ENABLER: Support deployment, utilisation, business change and benefits realisation

Responsible Board: PDG Workstream(s): Implementation support/Commercial & Contract management

2020/21 2021/22 2022/23

Q1 Q2 Q3 Q4

Deployment pipeline

reporting, process to

maintain oversight and

publish updates agreed

with Regional Programmes

16 LAs & 4 HBs DO signed

15 LAs & 3 HBs Live


17 LAs & 4 HBs Live


18 LAs & 7 HBs live

Benefits Framework

published

First tranche Benefits data

published in 2020/21

Annual Report – Q1

Approved Business Case

and funding BAU ongoing

support function

(regional/national)

Implementation of Tech

Refresh decision

Training, guidance, DM

support

Implementation of Tech Refresh decision

Pack P

age 51

53/62 136/284

Fuller,Sophie

06/29/2021 12:39:32



KEY ENABLER: In partnership, lead and support development and implementation of information and

reporting standards

Responsible Board: IMB Workstream(s): Information Management

2020/21 2021/22 2022/23

Q1 Q2 Q3 Q4

Fast tracked reporting

requirements for COVID-

19

National information

standards - reporting

requirements (perf

improvement/rehab

services)



requirements – SC proof

concept

Safeguarding

standardisation



requirements – Full MH

suite

National Info Development

Boards in place

Management & processes

to address/prevent

duplicate records in place


and funding for BAU

national standards function

(within NWIS successor

org)

Pack P

age 52

54/62 137/284

Fuller,Sophie

06/29/2021 12:39:32


KEY ENABLER: Ensure availability and performance of the contracted service

Responsible Board: SMB Workstream(s): Service Management/Operations/Commercial

2020/21 2021/22 2022/23

Q1 Q2 Q3 Q4



Supplier agreed



Supplier fully implemented

Proposals for national

support model agreed &

Business Case for

additional funding

requirements approved


and funding for BAU

ongoing national service

management & operations

function (within NWIS

successor org)

User Group established

Pack P

age 53

55/62 138/284

Fuller,Sophie

06/29/2021 12:39:32

Cyfarwyddwr Cyffredinol Iechyd a Gwasanaethau Cymdeithasol/ Prif Weithredwr GIG Cymru Grŵp Iechyd a Gwasanaethau Cymdeithasol Director General Health and Social Services/ NHS Wales Chief Executive Health and Social Services Group

Parc Cathays ● Cathays Park

Caerdydd ● Cardiff CF10 3NQ

Ffôn ● Tel 0300 025 1182 [email protected]

Gwefan ● website: www.wales.gov.uk

Nick Ramsay MS

Chair of the Public Accounts Committee

Cardiff Bay

CF99 1NA

Our Ref: AG/RP

12 February 2021

Dear Mr Ramsay

Update on progress against recommendations made in Public Accounts Committee

and Wales Audit Office reports on Out of Hours Services

Thank you for your letter of 29 September, noting our response, of 28 August, updating the Committee on progress in delivering the recommendations of its July 2020 Report into Out of Hours Services. You requested a further update by 12 February 2021 on progress made against these recommendations. Previously you have also asked us to provide you with an update on the Audit Wales (WAO at that time) recommendations made in their Out of Hours report published in July 2018. Please accept my apologies for the delay in providing you with this update. In August 2020 we noted that a great deal of progress has been made against the recommendations of both reports and we provided a comprehensive update document, unfortunately given the need to support the Covid-19 response we have been unable to refresh the update to reflect more recent progress and the changing context. However I have provided a general update on progress and a reflection on the changing context as part of this letter. You should also be aware that Officials have had discussions with Audit Wales relating to the progress highlighted in the update and the process for agreeing that recommendations have been delivered. Unfortunately these discussions have been interrupted by the pandemic.

Pack Page 61

Agenda Item 2b

56/62 139/284

Fuller,Sophie

06/29/2021 12:39:32

file:///C:/Documents%20and%20Settings/Thomast2/Local%20Settings/Temporary%20Internet%20Files/OLK1/www.wales.gov.uk

The broader context and landscape relating to urgent primary care has changed significantly over the last 12 months. As you will be aware Covid-19 has had a profound impact on the NHS. In terms of OoHs/111: demand has fluctuated as patient behaviours change; there have often been more clinicians available to the Out of Hours and 111 service; 111 has become a more recognisable brand as a result of its use during the pandemic being available across Wales for Covid-19 related calls; and the full service is now available in 5 of the 7 health boards (Cwm Taf Morgannwg successfully launched the 111 service in October 2020). Covid-19 has also seen a much greater emphasis on care closer to home both by the NHS and patients. Emergency Departments (EDs) are no longer seen as the easiest, or best, point of access for the public with urgent care needs. In this context, over the pandemic period the CAV 24/7 contact first model has been introduced in Cardiff, with a similar model now operating in Anuerin Bevan and implementations planned in other health boards over the next few months. In these models, patients are asked to phone first before attending ED. They receive an initial triage from a call handler and if required will then be passed onto a clinician who will undertake a further triage. Following this the clinician will then make a decision on the best point of care for the patient, often this is back to primary or community care services, but if this is ED then the patients are booked in at a time of less demand. At the same time and partly to support the phone/contact first approach, Urgent Primary Care Centre pathfinders are now operating in 5 health boards, these seek to provide a ‘setting’ where patients with an urgent primary care need can be seen by Primary Care clinicians in a timely manner both in and out of hours. The implementation of the NHS 111 Website including the on-line symptom checker has had a significant impact with the site having over 1.6m hits in March 2020 alone. At the same time a range of other digital services for clinicians and the public has made a significant difference and increased NHS resilience throughout the COVID period. We continue to review how the service can support wider urgent care whilst we also implement the new 111 IT system, SALUS. Despite delays caused by Covid-19 I anticipate this being in place in Quarter 3 next year. These developments are examining different approaches and testing various models the aim is to produce a consistent, integrated and accessible framework for 24/7 urgent primary care. 111 will be the point of access for this integrated model. In summary, the COVID-19 pandemic of 2020 has had a profound effect upon the delivery of NHS services and the behaviour of the general public in the way they choose to access healthcare. We have seen rapid developments in operational delivery within the NHS in order to ensure patients who are COVID positive receive the treatment they need and at the same time protect those who are most at risk. This provides a blueprint for the future, the ‘lockdowns’ aimed at controlling the spread of COVID-19 saw a sharp reduction in attendance at Emergency Departments (EDs), and a large increase in the amount of calls to the NHS 111 service and use of the COVID-19 online symptom checker. 111 services continue to operate above pre-COVID levels, while attendances at ED returned to a more ‘usual’ level between wave one and two, they have again reduced compared to the pre-COVID situation. In light of the changes described above, the 111 Programme Team and Urgent Primary Care group within the Primary Care Strategic Programme are working closely together to review the future strategy and implementation over the next few years. This is aimed at Pack Page 62

57/62 140/284

Fuller,Sophie

06/29/2021 12:39:32

providing a consistent 24/7 urgent primary care offering rather than one that is defined by the time of the day, or day of the week. I hope you find this update helpful. Yours sincerely

Dr Andrew Goodall Director General/ Chief Executive NHS Wales

Pack Page 63

58/62 141/284

Fuller,Sophie

06/29/2021 12:39:32

Document is Restricted

Pack Page 64

Agenda Item 3 By virtue of paragraph(s) vi of Standing Order 17.42

59/62 142/284

Fuller,Sophie

06/29/2021 12:39:32

Document is Restricted

Pack Page 71

Agenda Item 6By virtue of paragraph(s) vi of Standing Order 17.42

60/62 143/284

Fuller,Sophie

06/29/2021 12:39:32

1

WRITTEN STATEMENT BY

THE WELSH GOVERNMENT

TITLE Shaping Wales’ Future: Delivering National Well-being Milestones and National Well-being Indicators and a report on Wales’ future.

DATE 19 February 2020

BY Jane Hutt MS, Deputy Minister and Chief Whip The past year has been an unprecedented period of uncertainty and challenge, one which has impacted every aspect of our lives. Although the challenge of the pandemic remains it is important we begin to lay the foundations for a sustainable future. In particular, it remains crucial for us to continue to take an evidence based and long-term approach to leading Wales out of the pandemic. Key to shaping Wales’ future is how we measure Wales’ progress through our National well-being Indicators, shape the future direction through the setting of National Milestones, and understand what might shape Wales’ future through a Future Trends Report for Wales. We consulted on the development of the National Milestones and some changes to the National Indicators in 2019. Since then as well as responding to the coronavirus pandemic we have faced a number of other extraordinary challenges with profound implications for Wales, including addressing the climate emergency, tackling systemic inequality and preparing for Wales’ changed place in the world after Brexit. We recognise that each of these challenges has fundamental implications for the future of Wales and understanding their impact has been vital in developing our approach. The pandemic in particular has disrupted our ability to collect some of the data we rely upon to measure progress towards some of our Indicators and has caused some delays to the planned work on the revision of some Indicators and development of Milestones following the consultation. Although we continue to face sustained challenges, we are now in a position to start work on the Future Trends Report, restart the important work on the development of National Milestones for Wales and make some small changes to the National Indicators. Taken together they will play an important supporting role in providing direction for Wales in the future as we move towards reconstruction and recovery.

Pack Page 156

61/62 144/284

Fuller,Sophie

06/29/2021 12:39:32

2

To reaffirm our commitment, we have published a roadmap for 2021 setting an accelerated timescale for delivery given the urgent challenges we face and the progress we have made since the consultation. As well as setting National Milestones and making changes to the National Indicators, this plan also outlines the development of the Future Trends Report which will provide a valuable source of information on the trends likely to shape Wales’ future, and support the work of public bodies and Public Services Boards. The activity set out in this plan has implications for public bodies and Public Services Boards and there will be an opportunity for these organisations and wider stakeholders to be engaged in the activity we plan to deliver this year. Although the continued pressures we face may continue to impact on what we can deliver, I am pleased to publish this plan, the next step in our commitment to accelerate the embedding of the Well-being of Future Generations approach across our work and across Wales. To support this national implementation I have established a cross sector stakeholder advisory forum. The forum will gather stakeholder perspectives on key issues, opportunities and barriers to the implementation of the WFG Act; share innovative practice; and, provide a mechanism for discussion between Government and stakeholders on key matters relating to further implementation of the WFG Act.

Pack Page 157

62/62 145/284

Fuller,Sophie

06/29/2021 12:39:32

https://gov.wales/future-trends-national-indicators-and-national-milestones-consolidated-plan-for-2021



Agenda Item

4.1





N/A


Prepared By Sophie Fuller, Corporate Governance and Assurance Manager

Presented By Chris Darling, Board Secretary


Recommendation

The Committee is being asked to:NOTE the contents of the updated milestone plan.

DIGITAL HEALTH AND CARE WALESRISK MANAGEMENT AND BOARD ASSURANCE

FRAMEWORK UPDATE REPORT

1/4 146/284

Fuller,Sophie

06/29/2021 12:39:32

of 4 Author: Sophie Fuller

Approver: Chris DarlingINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

BAF Board Assurance Framework SHA Special Health AuthorityDHCW Digital Health and Care Wales


1.1 The Digital Health and Care Wales Special Health Authority Board approved the risk management and board assurance strategy on the 27th May, following endorsement from the Audit and Assurance Committee on the 11th May.


2.1 Following approval of the risk management and board assurance strategy work has commenced to implement the strategy, with the DHCW risk management group playing a central role in ensuring the strategy is widely shared, understood and implemented.

2.2 Progress has also been made with regard to the risk management and BAF milestone plan (included as Appendix A, item 4.1i). An initial facilitated training session with the full Board is planned for the 1st July Board Development session, subsequent sessions have been booked with the members of the Management Board (officer members) for the 22nd July 1:30pm – 4pm and 9th August 2pm – 5pm to explore and articulate the DHCW principle risks. There will be a follow up session with all Board members on the 2nd September to review principle risks and discuss and agree the DHCW risk appetite as part of the Board Development Session.


3.1 The risk management and BAF milestone plan has been updated to reflect confirmed dates and progress on activity to date.

4 RECOMMENDATIONThe Committee is being asked to:NOTE the contents of the updated milestone plan.

5 IMPACT ASSESSMENT


2/4 147/284

Fuller,Sophie

06/29/2021 12:39:32






If more than one standard applies, please list below:All standards have a requirement to manage risk.






APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEAudit and Assurance Committee 11th May Endorsed (Risk and BAF Strategy)Digital Governance and Safety Committee 12th May Endorsed (Risk and BAF Strategy)SHA Board 27th May Approved (Risk and BAF Strategy)Risk Management Group 1 June Discussed the Risk and BAF Strategy

and its implementation

IMPACT ASSESSMENT



Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT Should rigorous risk management practices not be in place,

there could be legal implications for the organisation.



Should rigorous risk management practices not be in place, there could be financial implications for the organisation.

Yes, please see detail belowWORKFORCE IMPLICATION/IMPACT The strategy outlines new ways of working for the workforce.

3/4 148/284

Fuller,Sophie

06/29/2021 12:39:32





4/4 149/284

Fuller,Sophie

06/29/2021 12:39:32


4.1i APPENDIX A RISK MANAGEMENT & BAF MILESTONE PLAN

TASK TIMELINE STATUS UPDATE1. Develop Risk Management and Board Assurance Framework Strategy, to be

considered via the Risk Management Group, Audit and Assurance Committee, Management Board, DHCW Board.

May 2021

Approved at Special Health Authority Board on 27th May 2021.

2. Write and ask that new risks are articulated with; IF (this happens - cause) THEN (event) RESULTING IN (impact will be – effect). Ask that high risks and those on the corporate risk register are re-worded to use: IF, THEN, RESULTING IN.

May – July 2021 This approach has been discussed at the risk management group on the 1st June. The Corporate Risk Register will now be re-written using this approach.

3. Arrange time on the Risk Group agenda to: Review the draft Risk Management and BAF Strategy Discuss/confirm proposed process to include triggers and hierarchy, how

risks get into the corporate risk register and Principal risks onto the BAF (informed by the Annual Plan/IMTP)

The role of Management Board in owning the corporate risk register and initial identification of principle risks.

The role of the DHCW Board in overseeing the Principal risks and BAR Review risk scores on risk registers Consider how DHCW risks with potential impact on the wider health and

care system are best communicated to partners

May – July 2021 The detail of the Risk and Board Assurance Framework Strategy was discussed at the risk management group on the 1st June.The risk narrative and scores were reviewed, and suggestions made at the risk management group on the 1st June for the owners of the risk to review and update where necessary.

4. Board Risk Management and Board Assurance Training Provided. Amberwing to provide the training.

NB: DHCW Annual Plan to include Strategic Objectives to be reviewed/discussed at the Board Development Session on 01.07.2021

1 July 2021 Session booked 1st July 9am – 11am

5. The identification of principle risks to the organisation are considered at the Management Board (and the DHCW Risk Group) in June 2021. Facilitated by Amberwing.

22 July 2021 & 9 August Facilitated sessions booked with Management Board colleagues.

6. Assurance and controls mapping exercise undertaken by Directorates based on the principle risks identified and agreed.

22 July – end of August 2021

Sessions are now booked in for:22nd July 1:30pm – 4pm, 9th August 2pm – 5pm. Further consideration and work on controls mapping can take place after these sessions.

7. Risk Management training to be provided to relevant DHCW staff / Directorates to cover (building on training provided to Board members): The basics of risk management The process for escalating risk The triggers for escalating risk How risk will be discussed and reviewed at the Management Board

8. The DHCW risk appetite and what this means for the organisation.

August 2021 – November 2021

9. Board Development session to consider and agree the DHCW Board risk appetite. Facilitated by Amberwing.

2 September 2021 Facilitated session booked for 2nd September to discuss, agree and articulate DHCW’s risk appetite.

10. Principle risks presented to DHCW Board at the September Board meeting, and first draft Board Assurance Report.

30 September 2021

11. DHCW risk appetite statement to be presented to Board in September 2021 if ready, if not to go to the November Board.

30 September 2021

DHCW

App

roac

h to

Ris

k M

anag

emen

t and

Boa

rd A

ssur

ance

Fra

mew

ork

12. Board Assurance Report to Board to be updated to include DHCW risk appetite statement, and statement to be added to Risk Management and BAF Strategy.

25 November 2021

1/2 150/284

Fuller,Sophie

06/29/2021 12:39:32

4.1i APPENDIX A RISK MANAGEMENT & BAF MILESTONE PLAN

13. DHCW objectives agreed via the IMTP process for 2022/23 – 2024/25. March 2022

14. Principle risks considered and agreed against the DHCW plan for 2022/23 March – May 2022 Included in the Annual Cycle of Business for the SHA Board.

15.

2/2 151/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.2





N/A





Recommendation

The Committee is being asked to:Note this report.

DIGITAL HEALTH AND CARE WALESDHCW CORPORATE RISK REGISTER

1/4 152/284

Fuller,Sophie

06/29/2021 12:39:32

of 4

INTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

A&A Audit and Assurance DHCW Digital Governance and Safety


1.1 Audit & Assurance Committee will, at each meeting, review the Corporate Risk Register. The Corporate Risk Register is also reviewed every month by the Risk Management Group and the Management Board.

1.2 Responsibility for risk management is transferring from the Director of Finance to the Board Secretary, effective from the 1st July 2021.


2.1 The Committee are asked to review all Corporate Risks and note existing and proposed mitigation action in place. They are asked to consider scoring and make recommendations for consideration should this be required.


3.1 There were 16 corporate risks presented to the last Audit and Assurance Committee. Since then, three risks have been removed:

DHCW0252 Medical Devices – this is now being managed at Directorate level in line with guidance as it is issued

DHCW0262 Biztalk – reviewed as part of a review of all Cancer Informatics Programme risks and now included in actions managed under DHCW0204, the overarching Canisc risk

DHCW0236 Accessible Lift at Ty Glan-yr-Afon – risk now closed as lift is now in working order

3.2 Two new risks have been added since the last Committee meeting:

DHCW0268 Data Centre Migration delay DHCW0269 Switching Service replacement

2/4 153/284

Fuller,Sophie

06/29/2021 12:39:32

of 4


3.3 There are now 15 corporate risks on the public Corporate Risk Register.

3.4 The Risk Management function is being handed over to the Corporate Governance Team on 1 July 2021.

3.5 The Risk Management Group continues to meet monthly and all corporate risks are subject to review at monthly Management Board meetings.

4 RECOMMENDATIONThe Committee is being asked to note this report.

5 IMPACT ASSESSMENT








No, (detail included below as to reasoning) Outcome:Statement: The Corporate Risk Register does not require an EQIA.




3/4 154/284

Fuller,Sophie

06/29/2021 12:39:32

of 4


IMPACT ASSESSMENT

Yes, please see detail belowQUALITY AND SAFETY IMPLICATIONS/IMPACT Risk Management is essential for good governance which

contributes to the quality and safety of services.

Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT Some risks can be associated with legislative requirements

Yes, please see detail belowFINANCIAL IMPLICATION/IMPACT Some risks have a financial element associated with them.





4/4 155/284

Fuller,Sophie

06/29/2021 12:39:32

Item 4.2i DHCW Corporate Risk Register – May 2021

DomainRisk Ref

Risk DescriptionRisk level

(Initial)

Risk level

(Current)

Risk level (Target) Action Status

Last Reviewed

Next Review Risk Owner

DHCW0207 Document Management Strategy

IF DHCW do not update their Document Management Strategy in light of the adoption and roll-out of Microsoft 0365 THEN their processes may not be the most effective they can be

RESULTING IN sub-optimal use of resources.

12 12 4Third party company commissioned to undertake a

review of Document Management and provide roadmap. Report received and reviewed. Workshops

to be held in July 2021. Implementation plan for iPassport.

17/06/21 06/07/2021 Director of Finance & Business Assurance

DHCW0208 Welsh Language Compliance

IF DHCW are unable to comply with Welsh Language Standards outlined in the Welsh Language Scheme under development THEN they would not be compliant with national legislation

applicable to other public bodies RESULTING IN potential disadvantage to Welsh speakers and the potential for

reputational damage

16 12 8 Welsh Language Scheme to be developed to support compliance with Standards (which will not be applied

to the new SHA at its outset)Corporate Apps team now progressing outstanding

work on Standards 4/5 (All Wales Language Preference System) and demo arranged with Welsh Language

Officers.

17/06/21 06/07/2021 Director of ICT

DHCW0259 Staff Vacancies

IF DHCW are unable to recruit to vacancies due to skills shortages and unavailability of suitable staff THEN this will

impact on service deliverables and timescales RESULTING IN delays to system support and new functionality for NHS Wales

users.

12 12 6A Recruitment Task and Finish Group has been

established to focus on all outstanding vacancies and put into action a plan to get staff into position. Extra

help has been identified to help speed up the administration of the recruitment process.

17/06/21 06/07/2021 Chief Operating Officer

DHCW0268 Data Centre Transition

IF the dates for the data centre physical transition need to moved from Quarter 2 into Quarter 3, THEN there may be a resource constraint in various teams RESULTING IN a risk of

failing to deliver some items in the annual plan and the risk of increased costs.

12 12 4

Project team to liaise closely with other DHCW teams to take a holistic view to re-planning and to minimise the risk of disruption to the plan and keep costs to a

minimum

17/06/21 06/07/2021 Director of ICT

Business & Organisational

DHCW0269 Switching Service

IF the current switching service fails THEN no data new will be acquired into the ISD Data Warehouse RESULTING IN the inability to provide updates to multiple reporting systems.

9 16 6Further engagement with NDR Team to consider

acceleration of the switching service replacement as part of the wider requirement for the acquisition of

data into NDR.

17/06/21 06/07/2021 Deputy Director of Information

Clinical

DHCW0260 Shielded Patient List

IF ISD are required to maintain the Shielded Patient List using current processes with significant manual intervention THEN the

inherent risk of human error will persist RESULTING IN the possible incorrect identification of patients on the list.

12 12 4 ISD and NDR team are working with a third party on development of an automation process. This should

remove the requirement for manual intervention and hence human error.

17/06/21 06/07/2021 Deputy Director of Information


DHCW0263 DHCW Functions

IF directions from Welsh Government do not provide a sound legal basis for the collection, processing and dissemination of

Welsh resident data THEN (i) partners, such as NHS Digital, may

12 12 4 Actions set against Welsh Government to define a set of Directions that will enable DHCW to move forwards on BAU and to provide cover for important functions

such as NDR

17/06/21 06/07/2021 Medical Director

1/3 156/284

Fuller,Sophie

06/29/2021 12:39:32


stop sharing data, (ii) DHCW may be acting unlawfully if it continues to process data RESULTING IN (i) DHCW being unable to fulfil its intended functions regarding the processing of data, or, in the case of continued processing, (ii) legal challenge, or

(iii) the need to submit a further application to the Confidentiality Advisory Group (which may not be successful) to assess the public interest in processing confidential data without

a legal basis or consent.

DHCW0264 Data Promise

IF the national conversation regarding the use of patient data (Data Promise) is delayed THEN stakeholders and patients will not be assured that the proposed uses of Welsh resident data

include sufficient controls to ensure data is treated responsibly, handled securely and used ethically RESULTING IN (i) potential

challenges to proposed uses of data, and/or a loss of public/professional confidence, and (ii) a failure to realise the desired outcomes regarding ‘data and collaboration’ (effective

and innovative uses of data, joined up services, better outcomes for individuals) set out in Welsh Government’s Digital Strategy.

12 12 4

Specific responsibilities for implementation of the Data Promise given to the Head of Digital

Strategy/Technology, Digital & Transformation, WG


Project

DHCW0237 Covid-19 Resource Impact

IF new requirements for digital solutions to deal with Covid 19 and recovery of services continue to come in, THEN staff may need to be moved away from other deliverables in the plan

RESULTING IN non delivery of our objectives and ultimately a delay in benefits being realised by the service.

16 16 9The 2021/22 DHCW Plan was approved by the DHCW

Board in May subject to detailed feedback from Welsh Government. . Ongoing assessment of impact of new

requirements being managed by the Planning and Performance Management group and Planning team.

17/06/21 06/07/2021 Chief Operating Officer

DHCW0205 DMZ/Internet Failure at Data Centre

IF a failure of the DMZ network or Internet Circuit in Blaenavon occurred THEN DHCW patient facing digital services would be

unavailable for users RESULTING IN service downtime and reputational damage.

12 16 4 Further migrations of services to Azure have completed, including secure file share portal and Mura websites. Whilst the data centre project is moving DMZ servers to a Cloud provider, only some services will be

hosted in more than one data centre. The risk will remain for other services

17/06/21 06/07/2021 Director of ICT

DHCW0228 Fault Domains

IF fault domains are not adopted across the infrastructure estate THEN a single failure could occur RESULTING IN multiple

service failures.

16 16 6 New equipment being deployed which will increase fault domains for some services. A Cloud Strategy and Business Case is being developed with a view of using Cloud services to provide the required fault domains

17/06/21 06/07/2021 Director of ICT

DHCW0201 Infrastructure Investment

IF recurrent funding is not available to support the replacement of obsolete infrastructure THEN the risk of failure and under performance will increase RESULTING IN service disruption.

12 12 4A revised infrastructure Business Case and Funding

Requirement needs to be developed and submitted to secure additional funding

17/06/21 06/07/2021 Director of ICT

Service Interruption

DHCW0266 VPN Capacity

IF a circuit failure occurred at a data centre THEN due to the increased number of VPN users and increased adoption of Office

12 12 4 Additional VPN appliances have arrived and are being scheduled for installation. Firewall and internet

capacity at Newport Data Centre is currently coping, but close to limits. Despite larger loan firewalls being

17/06/21 06/07/2021 Director of ICT

2/3 157/284

Fuller,Sophie

06/29/2021 12:39:32


365 services, there is currently a risk that the internet and VPN infrastructure could not sustain the load at one data centre with

the other circuit/equipment becoming overwhelmed, RESULTING IN a reduction in service, possibly including a

complete outage of these services. Users would not be able to access NHS Services from home and users on the NHS Network

would not be able to access any internet services including Office 365 (email, Teams, etc), on-line journals, etc. Public

access to NHS Websites would also be unavailable.

installed at BDC, they have been unable to cope with all traffic. Load balancing equipment is now being loaned by the manufacturer. In order to reduce the load, split tunnelling on the VPN service has been implemented for Office 365 traffic and this has reduced the load of

VPN and Internet by around 20%.

DHCW0204 Canisc System

IF there is a problem with the unsupported software used within the Canisc system THEN the application will fail RESULTING IN

disruption to operational service requiring workarounds.

15 20 6 All available mitigations are now complete. Being discussed and reviewed by SMB. The Cancer

Informatics Programme has been accelerated to iteratively mitigate risk of disruption to services should Canisc fail. This work is being managed under the Silver

(Managing Customers) Command Group.


DHCW0267Host Failures

IF a host fails on one of the virtual server environments THEN some guests may fail to migrate seamlessly to other hosts

RESULTING IN some servers failing to recover.

12 12 6 The periodic crashing issue continues. The manufacturer has recently identified what they believe is the root cause and changes are being

scheduled to make the necessary amendments in our environment. Once these are applied a period of

monitoring will be needed to determine next steps.

17/06/21 06/07/2021 Director of ICT

3/3 158/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.3.2





N/A


Prepared By Mark Cox, Deputy Director of Finance

Presented By Mark Cox, Deputy Director of Finance


Recommendation

The Audit and Assurance Committee is asked to:NOTE the contents of the report.

DIGITAL HEALTH AND CARE WALESAUDIT OF 2020/21 ACCOUNTS REPORT

1/4 159/284

Fuller,Sophie

06/29/2021 12:39:32

Audit of 2020/21 accounts report Page 2 of 4 Author: Mark Cox


Acronyms

DHCW Digital Health and Care Wales ISA International Standards on AuditingNHS National Health Service NWIS NHS Wales Informatics Service


1.1 The Auditor General has a wide range of audit and related functions, including auditing the accounts of Welsh NHS bodies, and reporting on the economy, efficiency and effectiveness with which those organisations have used their resources. The Auditor General undertakes his work using staff and other resources provided by the Wales Audit Office, which is a statutory board established for that purpose and to monitor and advise the Auditor General.

1.2 As part of the audit programme the Audit of 2020-21 Financial Statements Report set out findings (called an ISA260) was presented to the Velindre NHS Trust Audit Committee. As DHCW (NWIS at the time), formed part of the Trust and was incorporated within the statement of accounts it is important that any issues be addressed within the new organisation.


2.1 The audit report attached at Appendix A has been completed and presented to Velindre NHS Trust, whilst there were no issues identified relating to NWIS/DHCW the auditors stated their “intention is to issue a qualified ‘limitation of scope’ opinion on the 2020-21 financial statements as a consequence of being unable to obtain sufficient appropriate audit evidence to support the Trust’s inventory balance of £95.564million as at 31 March 2021.”

The opinion concludes, except for the possible effects of the matters described in the ‘Basis for qualified opinion’, the financial statements:

give a true and fair view of the state of affairs of Velindre University NHS Trust and its group as at 31 March 2021 and of its surplus for the year then ended;

have been properly prepared in accordance with international accounting standards as interpreted and adapted by HM Treasury’s Financial Reporting Manual; and

have been properly prepared in accordance with the National Health Service (Wales) Act 2006 and directions made there under by Welsh Ministers.

It will be a key learning point for DHCW to learn from the experience of Velindre NHS Trust and incorporate any recommendations into its procedures and future engagement with Audit Wales.

2/4 160/284

Fuller,Sophie

06/29/2021 12:39:32




3.1 None

4 RECOMMENDATION

4.1 The Audit and Assurance Committee are asked to:NOTE the content of the report including the attached audit report and the intention to report a number of recommendations in a separate report to the Trust which will be presented to the Audit Committee scheduled for the Autumn 2021.

5 IMPACT ASSESSMENT








No, (detail included below as to reasoning) Outcome: N/AStatement:Not applicable



APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEExecutive Director of Finance & Business Assurance

22/6/21 Approved

3/4 161/284

Fuller,Sophie

06/29/2021 12:39:32



IMPACT ASSESSMENT











4/4 162/284

Fuller,Sophie

06/29/2021 12:39:32


Audit of Accounts Report Velindre University NHS Trust

Audit year: 2020-21

Date issued: June 2021

Document reference: 2439A2021-22

1/22 163/284

Fuller,Sophie

06/29/2021 12:39:32

This document has been prepared as part of work performed in accordance with statutory functions.

In the event of receiving a request for information to which this document may be relevant, attention

is drawn to the Code of Practice issued under section 45 of the Freedom of Information Act 2000.

The section 45 code sets out the practice in the handling of requests that is expected of public

authorities, including consultation with relevant third parties. In relation to this document, the Auditor

General for Wales and the Wales Audit Office are relevant third parties. Any enquiries regarding

disclosure or re-use of this document should be sent to the Wales Audit Office at

[email protected].

We welcome correspondence and telephone calls in Welsh and English. Corresponding in Welsh will

not lead to delay. Rydym yn croesawu gohebiaeth a galwadau ffôn yn Gymraeg a Saesneg. Ni fydd

gohebu yn Gymraeg yn arwain at oedi.

2/22 164/284

Fuller,Sophie

06/29/2021 12:39:32


Contents

Page 3 of 22 - Audit of Accounts Report Velindre University NHS Trust

We intend to issue a qualified audit report on your 2020-21 financial statements with an Emphasis of Matter paragraph drawing attention to a disclosure note in your accounts and a substantive report providing further detail on the matter. There are some issues to report to you prior to their approval.

Audit of Accounts Report

Introduction 4

Impact of COVID-19 on this Year’s Audit 4

Proposed Audit Report 5

Significant Issues 6

Recommendations 8

Appendices

Appendix 1 – Final Letter of Representation 9

Appendix 2 – Proposed Audit Report 12

Appendix 3 – Summary of Corrections Made 19

3/22 165/284

Fuller,Sophie

06/29/2021 12:39:32

Audit of Accounts Report


Introduction

1 We summarise the main findings from our audit of your 2020-21 financial

statements in this report.

2 We have already discussed these issues with the Executive Director of Finance

and his team.

3 Auditors can never give complete assurance that accounts are correctly stated.

Instead, we work to a level of ‘materiality’. This level of materiality is set to try to

identify and correct misstatements that might otherwise cause a user of the

accounts into being misled.

4 We set this level at £8.5m for this year’s audit.

5 There are some areas of the accounts that may be of more importance to the

reader and we have set a lower materiality level for these, as follows:

• Remuneration report / senior pay disclosure - £5,000

• Related parties - £5,000 for individuals, £25,000 for companies and other

bodies

6 We have now substantially completed this year’s audit although at the time of

issuing this report we are seeking some additional documentary evidence from the

Trust to support some areas of our audit work. We will provide an update on this to

the Audit Committee on 8 June.

7 In our professional view, we have complied with the ethical standards that apply to

our work; remain independent of yourselves; and our objectivity has not been

compromised in any way. There are no relationships between ourselves and

yourselves that we believe could undermine our objectivity and independence.

Impact of COVID-19 on this Year’s Audit

8 The COVID-19 pandemic continues to have a significant impact on all aspects of

our society and continues to do so. You are required by law to prepare accounts

and it is of considerable testament to the commitment of your accounts team that

you have succeeded in doing so this year in the face of the challenges posed by

this pandemic. We are extremely grateful to the professionalism of the team in

supporting us to complete our audit in such difficult circumstances.

9 The pandemic has unsurprisingly affected our audit and we summarise in Exhibit

1 the main impacts. Other than where we specifically make recommendations, the

detail in Exhibit 1 is provided for information purposes only to help you understand

the impact of the COVID-19 pandemic on this year’s audit process.

4/22 166/284

Fuller,Sophie

06/29/2021 12:39:32

of 22 - Audit of Accounts Report Velindre University NHS Trust

Exhibit 1 – impact of COVID-19 on this year’s audit

Timetable • We received the draft accounts on 30 April 2021.

• The deadline for submitting your audited accounts to the

Welsh Government is 11 June 2021, two and a half weeks

earlier than last year.

• We expect the Auditor General to certify his audit report on 15

June 2021 and for your accounts to be laid before the Senedd,

alongside all of the other accounts of NHS Wales, on 16 June

2021.

Electronic

signatures

As a result of the pandemic the use of electronic signatures are

permissible for both the Trust and Audit Wales and will be used

this year.

Audit

evidence

Our audit of the financial statements was undertaken remotely.

Trust officers effectively supported us in this by continuing to

provide us with appropriate and timely information to inform our

audit. Specifically:

• officers provided electronic working papers in accordance with

our agreed Audit Deliverables Report;

• officers provided audit evidence to the audit team via e-mail or

a shared folder accessible via the Trust’s shared server;

• the audit team had remote read only access to the Trust’s

Oracle ledger which enabled the team to query the ledger and

hence reduce the burden on officers to provide this

information; and

• officers were available by video conferencing for discussions,

and for the sharing of on-screen information/evidence.

10 We will be reviewing what we have learned for our audit process from the COVID-

19 pandemic and whether there are innovative practices that we might adopt in the

future to enhance that process.

Proposed Audit Opinion

11 We intend to issue a qualified audit opinion on this year’s accounts once you have

provided us with a Letter of Representation, containing certain confirmations we

are required to obtain from you under auditing standards, based on that set out in

Appendix 1.

12 We issue a ‘qualified’ audit opinion where we have material concerns about some

aspects of your accounts; otherwise we issue an unqualified opinion.

5/22 167/284

Fuller,Sophie

06/29/2021 12:39:32


13 Our intention is to issue a qualified ‘limitation of scope’ opinion on the 2020-21

financial statements as a consequence of being unable to obtain sufficient

appropriate audit evidence to support the Trust’s inventory balance of £95.564

million as at 31 March 2021.

14 As a result of Covid-19 restrictions we were unable to observe and reperform parts

of the Trust’s count of its inventories. We have been unable to obtain the required

audit assurance by alternative means because, for a material inventory balance,

physical stocktake attendance by auditors is mandated by professional Auditing

Standard ISA501.

15 It is therefore important to emphasise that this qualification is not due to any

shortcomings in the Trust’s systems or actions, but because of the impact of Covid-

19 on one of our key audit procedures. We are not reporting that we consider the

inventory balance to be materially misstated, but rather that we do not know

whether it is materially true and fair.

16 Our proposed audit report is set out in Appendix 2 which also includes an

emphasis of matter, drawing the reader’s attention to Note 24 of the accounts. We

describe this further in Exhibit 2 below.

Significant Issues arising from the Audit

Uncorrected misstatements

17 There are no misstatements identified in the accounts, which remain uncorrected.

18 There is however a matter that we are required to bring to your attention. Appendix

3 summarises the amendments that have been made to the Trust’s accounts as a

result of our audit. One of those amendments is a £3.6m reduction to the

Provisions balance, relating to Welsh Risk Pool Structured Settlement cases. This

adjustment was required as unimpaired life expectancies were used to calculate

the provisions for three cases instead of the shortened expected lives as advised

by solicitors within NWSSP.

19 In addition to this adjustment, uncertainty exists in relation to a further seven cases

where there was either no or insubstantial evidence to support the unimpaired life

expectancies used to support the aggregate provision value of £20.5m concerning

these cases. This absence of documentary evidence occurred as a result of the

age of these cases - as they were all in excess of 10 years old the supporting

information had been disposed of. We have undertaken further work and are

satisfied that any potential over-statement of the provision value is not material to

our opinion.

6/22 168/284

Fuller,Sophie

06/29/2021 12:39:32


Corrected misstatements

20 There were some misstatements in the accounts that have now been corrected by

management. These are summarised, for information, in Appendix 3.

Other Significant Issues arising from the Audit

21 In the course of the audit, we consider a number of matters relating to the accounts

and report any significant issues arising to you. There was one issue arising

regarding Clinicians’ Pension Tax Liabilities, the implications of which are

summarised in Exhibit 2:

Exhibit 2 – significant issues arising from the audit

Emphasis of matter – Clinicians’

Pension Tax Liabilities

Within the Audit Report we draw attention to

Note 24 of the financial statements, which

describes the impact of a Ministerial

Direction issued on 18 December 2019 to

the Permanent Secretary of the Welsh

Government. The opinion is not modified in

respect of this matter.

Substantive report - Clinicians’

Pension Tax Liabilities

All NHS bodies will be held harmless for the

impact of the Ministerial Direction, however

the Auditor General’s opinion is that any

transactions included in the Trust’s financial

statements to recognise this liability would

be irregular and material by their nature.

This is because the payments are contrary

to paragraph 5.6.1 of Managing Public

Money and constitute a form of tax planning

which will leave the Exchequer as a whole

worse off. The Minister’s direction alone

does not regularise the scheme.

Furthermore, the arrangements are novel

and contentious and potentially precedent

setting.

Although this is not a new issue the Auditor

General has this year decided to place a

substantive report on your accounts (and

those of other NHS bodies) setting out the

detail.

7/22 169/284

Fuller,Sophie

06/29/2021 12:39:32


Recommendations

22 We intend to report a number of recommendations in a separate report to the Trust

which will be presented to the Audit Committee scheduled for the Autumn 2021.

8/22 170/284

Fuller,Sophie

06/29/2021 12:39:32

Appendix 1


Final Letter of Representation

Audited body’s letterhead

Auditor General for Wales

Wales Audit Office

24 Cathedral Road

Cardiff

CF11 9LJ

8 June 2021

Representations regarding the 2020-21 financial statements

This letter is provided in connection with your audit of the financial statements (including

that part of the Remuneration Report that is subject to audit) of Velindre University NHS

Trust for the year ended 31 March 2021 for the purpose of expressing an opinion on their

truth and fairness, their proper preparation and the regularity of income and expenditure.

We confirm that to the best of our knowledge and belief, having made enquiries as we

consider sufficient, we can make the following representations to you.

Management representations

Responsibilities

As Chief Executive and Accountable Officer I have fulfilled my responsibility for:

• Preparing the financial statements in accordance with legislative requirements and

the Treasury’s Financial Reporting Manual. In preparing the financial statements, I

am required to:

‒ observe the accounts directions issued by Welsh Ministers, including the

relevant accounting and disclosure requirements and apply appropriate

accounting policies on a consistent basis;

‒ make judgements and estimates on a reasonable basis;

‒ state whether applicable accounting standards have been followed and

disclosed and explain any material departures from them; and

‒ prepare them on a going concern basis on the presumption that the services

of Velindre University NHS Trust will continue in operation.

• Ensuring the regularity of any expenditure and other transactions incurred.

9/22 171/284

Fuller,Sophie

06/29/2021 12:39:32


• The design, implementation and maintenance of internal control to prevent and

detect error.

Information provided

We have provided you with:

• Full access to:

‒ all information of which we are aware that is relevant to the preparation of

the financial statements such as books of account and supporting

documentation, minutes of meetings and other matters;

‒ additional information that you have requested from us for the purpose of the

audit; and

‒ unrestricted access to staff from whom you determined it necessary to

obtain audit evidence.

• The results of our assessment of the risk that the financial statements may be

materially misstated as a result of fraud.

• Our knowledge of fraud or suspected fraud that we are aware of and that affects

Velindre University NHS Trust and involves:

‒ management;

‒ employees who have significant roles in internal control; or

‒ others where the fraud could have a material effect on the financial

statements.

• Our knowledge of any allegations of fraud, or suspected fraud, affecting the

financial statements communicated by employees, former employees, regulators or

others.

• Our knowledge of all known instances of non-compliance or suspected

non-compliance with laws and regulations whose effects should be considered

when preparing the financial statements.

• The identity of all related parties and all the related party relationships and

transactions of which we are aware.

• Our knowledge of all possible and actual instances of irregular transactions.

Financial statement representations

All transactions, assets and liabilities have been recorded in the accounting records and

are reflected in the financial statements.

The methods, the data and the significant assumptions used in making accounting

estimates, and their related disclosures are appropriate to achieve recognition,

measurement or disclosure that is reasonable in the context of the applicable financial

reporting framework.

10/22 172/284

Fuller,Sophie

06/29/2021 12:39:32


Related party relationships and transactions have been appropriately accounted for and

disclosed.

All events occurring subsequent to the reporting date which require adjustment or

disclosure have been adjusted for or disclosed.

All known actual or possible litigation and claims whose effects should be considered

when preparing the financial statements have been disclosed to the auditor and

accounted for and disclosed in accordance with the applicable financial reporting

framework.

The financial statements are free of material misstatements, including omissions. The

effects of uncorrected misstatements identified during the audit are immaterial, both

individually and in the aggregate, to the financial statements taken as a whole.

Representations by Velindre University NHS Trust

We acknowledge that the representations made by management, above, have been

discussed with us.

We acknowledge our responsibility for the preparation of true and fair financial

statements in accordance with the applicable financial reporting framework. The financial

statements were approved by the Board on 8 June 2021.

We confirm that we have taken all the steps that we ought to have taken in order to make

ourselves aware of any relevant audit information and to establish that it has been

communicated to you. We confirm that, as far as we are aware, there is no relevant audit

information of which you are unaware.

Signed by: Signed by:

Chief Executive: Trust Chair:

Date: Date:

11/22 173/284

Fuller,Sophie

06/29/2021 12:39:32

Appendix 2


Proposed Audit Report

The Certificate and independent auditor’s report of the Auditor General for Wales to the Senedd

Opinion on financial statements

I certify that I have audited the financial statements of Velindre University NHS Trust and

its group for the year ended 31 March 2021 under Section 61 of the Public Audit (Wales)

Act 2004. These comprise the Consolidated Statement of Comprehensive Income, the

Consolidated Statement of Financial Position, the Consolidated Cash Flow Statement

and the Consolidated Statement of Changes in Taxpayers’ Equity and related notes,

including a summary of significant accounting policies. The financial reporting framework

that has been applied in their preparation is applicable law and international accounting

standards as interpreted and adapted by HM Treasury’s Financial Reporting Manual.

In my opinion, except for the possible effects of the matters described in the ‘Basis for

qualified opinion’ section of my report, the financial statements:

• give a true and fair view of the state of affairs of Velindre University NHS Trust and

its group as at 31 March 2021 and of its surplus for the year then ended;

• have been properly prepared in accordance with international accounting

standards as interpreted and adapted by HM Treasury’s Financial Reporting

Manual; and

• have been properly prepared in accordance with the National Health Service

(Wales) Act 2006 and directions made there under by Welsh Ministers.

Basis for qualified opinion

Note 16.1 of the financial statements discloses an inventory balance of £95.564 million as

at 31 March 2021. Due to the impact of the COVID-19 pandemic and the statutory

lockdown arrangements that took effect from 23 March 2020, I was unable to observe

and reperform parts of the Trust’s count of its inventories on 31 March 2021.

As I have been unable to obtain the required audit assurance by alternative means, I am

therefore unable to determine whether the Trust’s reported year-end inventory balance of

£95.564 million is materially true and fair.

Opinion on regularity

In my opinion, in all material respects, the expenditure and income in the financial

statements have been applied to the purposes intended by the Senedd and the financial

transactions recorded in the financial statements conform to the authorities which govern

them.

Basis of opinions

I conducted my audit in accordance with applicable law and International Standards on

Auditing in the UK (ISAs (UK)) and Practice Note 10 ‘Audit of Financial Statements of

12/22 174/284

Fuller,Sophie

06/29/2021 12:39:32


Public Sector Entities in the United Kingdom’. My responsibilities under those standards

are further described in the auditor’s responsibilities for the audit of the financial

statements section of my report. I am independent of the trust and its group in

accordance with the ethical requirements that are relevant to my audit of the financial

statements in the UK including the Financial Reporting Council’s Ethical Standard, and I

have fulfilled my other ethical responsibilities in accordance with these requirements. I

believe that the audit evidence I have obtained is sufficient and appropriate to provide a

basis for my opinions.

Emphasis of Matter – Clinicians’ pension tax liabilities

I draw attention to Note 24 of the financial statements, which describes the impact of a

Ministerial Direction issued on 18 December 2019 to the Permanent Secretary of the

Welsh Government. My opinion is not modified in respect of this matter.

Conclusions relating to going concern

In auditing the financial statements, I have concluded that the use of the going concern

basis of accounting in the preparation of the financial statements is appropriate.

Based on the work I have performed, I have not identified any material uncertainties

relating to events or conditions that, individually or collectively, may cast significant doubt

on the body’s ability to continue to adopt the going concern basis of accounting for a

period of at least twelve months from when the financial statements are authorised for

issue.

My responsibilities and the responsibilities of the directors with respect to going concern

are described in the relevant sections of this report.

Other Information

The other information comprises the information included in the annual report other than

the financial statements and my auditor’s report thereon. The Chief Executive is

responsible for the other information contained within the annual report. My opinion on

the financial statements does not cover the other information and, except to the extent

otherwise explicitly stated in my report, I do not express any form of assurance

conclusion thereon. My responsibility is to read the other information and, in doing so,

consider whether the other information is materially inconsistent with the financial

statements or knowledge obtained in the course of the audit, or otherwise appears to be

materially misstated. If I identify such material inconsistencies or apparent material

misstatements, I am required to determine whether this gives rise to a material

misstatement in the financial statements themselves. If, based on the work I have

performed, I conclude that there is a material misstatement of this other information, I am

required to report that fact.

I have nothing to report in this regard.

13/22 175/284

Fuller,Sophie

06/29/2021 12:39:32


Report on other requirements

Opinion on other matters

In my opinion, the part of the remuneration report to be audited has been properly

prepared in accordance with the National Health Service (Wales) Act 2006 and directions

made there under by Welsh Ministers.

In my opinion, based on the work undertaken in the course of my audit:

• the information given in the Annual Governance Statement for the financial year for

which the financial statements are prepared is consistent with the financial

statements and the Annual Governance Statement has been prepared in

accordance with Welsh Ministers’ guidance;

• the information given in the Performance Report for the financial year for which the

financial statements are prepared is consistent with the financial statements and

the Performance Report has been prepared in accordance with Welsh Ministers’

guidance.

Matters on which I report by exception

In the light of the knowledge and understanding of the Trust and its environment obtained

in the course of the audit, I have not identified material misstatements in the Performance

Report or the Annual Governance Statement.

I have nothing to report in respect of the following matters, which I report to you, if, in my

opinion:

• adequate accounting records have not been kept, or returns adequate for my audit

have not been received from branches not visited by my team;

• the financial statements and the audited part of the Remuneration Report are not in

agreement with the accounting records and returns;

• information specified by HM Treasury or Welsh Ministers regarding remuneration

and other transactions is not disclosed; or

• I have not received all the information and explanations I require for my audit.

Responsibilities

Responsibilities of Directors and the Chief Executive for the financial statements

As explained more fully in the Statements of Directors’ and Chief Executive’s

Responsibilities set out on pages … and …, the Directors and the Chief Executive are

responsible for the preparation of financial statements which give a true and fair view and

for such internal control as the Directors and Chief Executive determine is necessary to

enable the preparation of financial statements that are free from material misstatement,

whether due to fraud or error.

In preparing the financial statements, the Directors and Chief Executive are responsible

for assessing the Trust’s ability to continue as a going concern, disclosing as applicable,

14/22 176/284

Fuller,Sophie

06/29/2021 12:39:32


matters related to going concern and using the going concern basis of accounting unless

deemed inappropriate.

Auditor’s responsibilities for the audit of the financial statements

My objectives are to obtain reasonable assurance about whether the financial statements

as a whole are free from material misstatement, whether due to fraud or error, and to

issue an auditor’s report that includes my opinion. Reasonable assurance is a high level

of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK)

will always detect a material misstatement when it exists. Misstatements can arise from

fraud or error and are considered material if, individually or in the aggregate, they could

reasonably be expected to influence the economic decisions of users taken on the basis

of these financial statements.

Irregularities, including fraud, are instances of non-compliance with laws and regulations.

I design procedures in line with my responsibilities, outlined above, to detect material

misstatements in respect of irregularities, including fraud.

My procedures included the following:

• Enquiring of management, internal audit and those charged with governance,

including obtaining and reviewing supporting documentation relating to Velindre

NHS University Trust’s policies and procedures concerned with:

‒ identifying, evaluating and complying with laws and regulations and whether

they were aware of any instances of non-compliance;

‒ detecting and responding to the risks of fraud and whether they have

knowledge of any actual, suspected or alleged fraud; and

‒ the internal controls established to mitigate risks related to fraud or non-

compliance with laws and regulations.

• Considering as an audit team how and where fraud might occur in the financial

statements and any potential indicators of fraud. As part of this discussion, I

identified potential for fraud in the following areas: revenue recognition and the

posting of unusual journals.

• Obtaining an understanding of Velindre NHS University Trust’s framework of

authority as well as other legal and regulatory frameworks that the Velindre NHS

University Trust operates in, focusing on those laws and regulations that had a

direct effect on the financial statements or that had a fundamental effect on the

operations of Velindre NHS University Trust.

In addition to the above, my procedures to respond to identified risks included the

following:

• reviewing the financial statement disclosures and testing to supporting

documentation to assess compliance with relevant laws and regulations discussed

above;

15/22 177/284

Fuller,Sophie

06/29/2021 12:39:32


• enquiring of management, the Audit Committee and legal advisors about actual

and potential litigation and claims;

• reading minutes of meetings of those charged with governance and the Board; and

• in addressing the risk of fraud through management override of controls, testing

the appropriateness of journal entries and other adjustments; assessing whether

the judgements made in making accounting estimates are indicative of a potential

bias; and evaluating the business rationale of any significant transactions that are

unusual or outside the normal course of business.

I also communicated relevant identified laws and regulations and potential fraud risks to

all audit team and remained alert to any indications of fraud or non-compliance with laws

and regulations throughout the audit.

The extent to which my procedures are capable of detecting irregularities, including fraud,

is affected by the inherent difficulty in detecting irregularities, the effectiveness of the

Velindre NHS University Trust’s controls, and the nature, timing and extent of the audit

procedures performed.

A further description of the auditor’s responsibilities for the audit of the financial

statements is located on the Financial Reporting Council's website

www.frc.org.uk/auditorsresponsibilities. This description forms part of my auditor’s report.

Responsibilities for regularity

The Chief Executive is responsible for ensuring the regularity of financial transactions.

I am required to obtain sufficient evidence to give reasonable assurance that the

expenditure and income have been applied to the purposes intended by the Senedd and

the financial transactions conform to the authorities which govern them.

Please see my Report on pages x to y.

Adrian Crompton 24 Cathedral Road

Auditor General for Wales Cardiff

15 June 2021 CF11 9LJ

16/22 178/284

Fuller,Sophie

06/29/2021 12:39:32

https://www.frc.org.uk/auditors/audit-assurance/auditor-s-responsibilities-for-the-audit-of-the-fi/description-of-the-auditor%e2%80%99s-responsibilities-for


Report of the Auditor General to the Senedd

Introduction

Under the Public Audit Wales Act 2004, I am responsible for auditing, certifying and

reporting on Velindre NHS Trust’s (the Trust’s) financial statements. I am reporting on

these financial statements for the year ended 31 March 2021 to draw attention to one key

matter for my audit. This is the implications of the ministerial direction on senior clinicians’

pensions. I have not qualified my ‘true and fair’ opinion in respect of this matter.

Ministerial direction on senior clinicians’ pensions

NHS Pension scheme and pension tax legislation is not devolved to Wales. HM

Treasury’s changes to the tax arrangements on pension contributions in recent years

included the reduction in the Annual Allowance limit from over £200k in 2011-12 to £40k

in 2018-19. As a result, in cases where an individual’s pension contributions exceed

certain annual and / or lifetime pension contribution allowance limits, then they are taxed

at a higher rate on all their contributions, creating a sharp increase in tax liability.

In a Written Statement on 13 November 2019, the Minister for Health and Social Services

had noted that NHS Wales bodies were: ‘regularly reporting that senior clinical staff are

unwilling to take on additional work and sessions due to the potentially punitive tax

liability’. In certain circumstances this could lead to additional tax charges in excess of

any additional income earned.

On 18 December 2019, the First Minister (mirroring earlier action by the Secretary of

State for Health and Social Care for England) issued a Ministerial Direction to the

Permanent Secretary to proceed with plans to commit to making payments to clinical staff

to restore the value of their pension benefits packages. If NHS clinicians opted to use the

‘Scheme Pays’ facility to settle annual allowance tax charges arising from their 2019-20

NHS pension savings (i.e. settling the charge by way of reduced annual pension, rather

than by making an immediate one-off payment), then their NHS employers would meet

the impact of those tax charges on their pension when they retire.

The Ministerial Direction was required because this solution could be viewed by HMRC to

constitute tax planning and potentially tax avoidance, hence making the expenditure

irregular. Managing Welsh Public Money (which mirrors its English equivalent) specifically

states that ‘public sector organisations should not engage in…tax evasion, tax avoidance

or tax planning’.

A Ministerial Direction does not make regular what would otherwise be irregular, but it

does move the accountability for such decisions from the Accounting Officer to the

Minister issuing the direction.

The solution applies only to annual allowance tax charges arising from an increase in the

benefits accrued in the NHS Pension Scheme during the tax year ended 5 April 2020. For

the tax year ended 5 April 2021, the Chancellor increased the thresholds for the tapered

annual allowance and, as a result, it is anticipated that the risk to the supply of clinical

staff has been mitigated.

17/22 179/284

Fuller,Sophie

06/29/2021 12:39:32


The Trust currently has insufficient information to calculate and recognise an estimate of

the potential costs of compensating senior clinical staff for pension benefits that they

would otherwise have lost, by using the ‘Scheme Pays’ arrangement. As a result no

expenditure is recognised in the financial statements but as required the Trust has

disclosed a contingent liability in note 24 of its financial statements.

All NHS bodies will be held harmless for the impact of the Ministerial Direction, however

in my opinion any transactions included in the Trust’s financial statements to recognise

this liability would be irregular and material by their nature. This is because the payments

are contrary to paragraph 5.6.1 of Managing Public Money and constitute a form of tax

planning which will leave the Exchequer as a whole worse off. The Minister’s direction

alone does not regularise the scheme. Furthermore, the arrangements are novel and

contentious and potentially precedent setting.

I have not modified my regularity opinion in this respect this year because as set out

above, no expenditure has been recognised in the year ended 31 March 2021. I have

however placed an Emphasis of Matter paragraph in my audit report to highlight this

issue and, have prepared this report to bring the arrangement to the attention of the

Senedd.

Adrian Crompton

Auditor General for Wales

15 June 2021

18/22 180/284

Fuller,Sophie

06/29/2021 12:39:32

Appendix 3


Summary of Corrections Made

Some adjustments have been made to the Financial Statements as a result of our audit.

These have been corrected by management. A summary of the most significant

corrections made are summarised below.

Exhibit 2: summary of corrections made

Value of

correction

Nature of correction

£10.5m

£nil impact on

disclosed surplus

Trade and other receivables (Note 17)

£10.5m had been included within the draft accounts to recognise a

prepayment for PPE. On 23 April 2021, having not received the PPE,

NWSSP cancelled the order. As the value of the transaction is material

to our opinion, this should be treated as an adjusting Post Balance

Sheet Event. As a result, the entire value of the prepayment has been

reclassified to the “Other Debtors” sub balance within Note 17.

£3.6m

£nil impact on

disclosed surplus

Provisions (Note 23)

We found that three Welsh Risk Pool Structured Settlement cases were

calculated on an incorrect basis. Unimpaired life expectancies were

used to calculate the provisions for these cases instead of the

shortened expected lives as advised by the Trust’s solicitors.

The ‘Provisions’ and corresponding ‘Trade and other Receivables’

balances have been adjusted by this value.

£286,000

£nil impact on

disclosed surplus

Welsh Risk Pool Account Changes

The Trust’s accounts have been amended to reflect the findings arising

from the audits of the WRP returns of the various LHBs and Trusts:

• a decrease in provisions of £286k: and

• a decrease in contingent liabilities of £14.057m

£788,000

£nil impact on

disclosed surplus

Note 16.2 – Inventories recognised in expenses

The “inventories recognised as an expense” disclosed within the note

was understated by £788,000.

19/22 181/284

Fuller,Sophie

06/29/2021 12:39:32


N/A Note 32 – Events after the Reporting Period

The disclosure note has been amended to disclose:

• the latest position concerning the supply of PPE and other

equipment to India in regard to the response to the Covid-19 crisis;

and

• NHS Wales Informatics Service (NWIS), which has been hosted by

the Trust since 1 April 2010, ceased to be hosted by the Trust on

1st April 2021, and became a new Special Health Authority, Digital

Health & Care Wales.

N/A Note 24 – Contingent Liabilities

• The value of the Trust’s contingent liabilities was under-disclosed

by £400,000 as a number of NWSSP cases had been omitted; and

• Additional narrative has been included to describe the potential

impact of a decision to fund NHS Clinicians’ pension tax liabilities.

N/A Note 17 – Trade and other Receivables

The Trust identified some classification errors between the sub-

balances within the note which have been corrected. There has been

no impact on the overall Receivables balance as a result of this.

N/A Other Narrative Amendments

A number of other narrative and disclosure adjustments have been

made to the financial statements, including:

• Note 5.1 (Operating Expenses) – the disclosure of the audit fee has

been corrected to comply with the requirements of the Manual for

Accounts;

• Accountability and Performance Report – some narrative

amendments have been made to the content of the Reports; and

• Remuneration Report – the remuneration disclosed for one of the

Executive Directors was found to be slightly overstated.

20/22 182/284

Fuller,Sophie

06/29/2021 12:39:32

21/22 183/284

Fuller,Sophie

06/29/2021 12:39:32

22/22 184/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.3.3





N/A




Purpose of the Report For Approval

Recommendation

The Audit and Assurance Committee is asked to:APPROVAL the contents of the report

DIGITAL HEALTH AND CARE WALESBANKING FINANCIAL CONTROL PROCEDURE

1/4 185/284

Fuller,Sophie

06/29/2021 12:39:32

of 4 Author: Mark Cox


Acronyms

DHCW Digital Health and Care Wales SO Standing OrdersSHA Special Health Authority SFI Standing Financial Instruction

FCP Financial Control Procedures


1.1 These Financial Procedures provide guidance to the SHA, its Directors and officers on the operation of internal controls. These procedures must be read in conjunction with the organisations Standing Financial Instructions (SFI’s), Standing Orders (SO’s), Scheme of Delegation and relevant policies, which provide the framework within which a reliable system of internal control may operate.

1.2 Internal control is the whole system of controls, financial and otherwise, established by management in order to carry out financial and related activities in an orderly and efficient manner, safeguard the SHA’s assets and secure the completeness and accuracy of records.

1.3 The organisations Standing Financial Instructions sets out responsibilities of the Executive Director of Finance relating to banking and explicitly in section 8.3.1 that “The Director of Finance will prepare detailed instructions on the operation of bank accounts, that ensure there are sound controls over the day-to-day operation of bank accounts.” Consequently, the Banking FCP at Appendix A was constructed to be enacted.


2.1 The Banking Financial Control Procedure sets out how the banking arrangements operate within DHCW, including who can access and make changes to the bank accounts. The document also states who is authorised to make payments through the banking system. This document describes how the DHCW’s bank records and statements for these bank accounts are reconciled to the DHCW’s own records and ledger in a timely manner.


3.1 None

4 RECOMMENDATIONThe Audit and Assurance Committee is asked to:APPROVAL the contents of the report

2/4 186/284

Fuller,Sophie

06/29/2021 12:39:32



5 IMPACT ASSESSMENT











APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEDirector of Finance 22/6/21 Approved

IMPACT ASSESSMENT





FINANCIAL No, there are no specific financial implication related to the activity outlined in this report

3/4 187/284

Fuller,Sophie

06/29/2021 12:39:32



IMPLICATION/IMPACT





4/4 188/284

Fuller,Sophie

06/29/2021 12:39:32




Document author: Sian Williams

Approved by Mark Cox

Date approved: 31.3.2021

Review date: 31.3.2022

Document Version 1.0.1

Status Approved

This procedure is to ensure that banking arrangements operate within DHCW, including who can access and make changes to the bank

accounts.

BANKING ARRANGEMENTS

1/9 189/284

Fuller,Sophie

06/29/2021 12:39:32

of 9 Author: [Sian Williams]

Approver: [Mark Cox]INTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

TEM – FCP-012–V1








No, (detail included below as to reasoning) Outcome:Statement:


APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this

COMMITTEE OR GROUP DATE OUTCOMEAudit and Assurance Committee 10th May 2021 Approved

IMPACT ASSESSMENT

Choose an item.QUALITY AND SAFETY IMPLICATIONS/IMPACT

Choose an item.LEGAL IMPLICATIONS/IMPACT

Choose an item.

2/9 190/284

Fuller,Sophie

06/29/2021 12:39:32





Choose an item.WORKFORCE IMPLICATION/IMPACT

Choose an item.SOCIO ECONOMIC IMPLICATION/IMPACT

3/9 191/284

Fuller,Sophie

06/29/2021 12:39:32



TABLE OF CONTENTS

1 DOCUMENT HISTORY...............................................................................................................5

1.1 REVISION HISTORY...........................................................................................................5

1.2 REVIEWERS .......................................................................................................................5

1.3 AUTHORISATION ...............................................................................................................5

1.4 DOCUMENT LOCATION.....................................................................................................5

2 PURPOSE ...................................................................................................................................6

3 SCOPE ........................................................................................................................................6

4 ROLES AND RESPONSIBILITIES..............................................................................................6

5 REFERENCES ............................................................................................................................8

6 PROCEDURE..............................................................................................................................9

6.1 Banking Arrangements ........................................................................................................9

6.2 Administration and Reconciliation of Bank accounts ...........................................................9

6.3 Cash Forecasting.................................................................................................................9

4/9 192/284

Fuller,Sophie

06/29/2021 12:39:32



1 DOCUMENT HISTORY

1.1 REVISION HISTORY

Date Version Author Revision Summary

1.2 REVIEWERS

This document requires the following reviews:

Date Version Name Position

1.3 AUTHORISATION

Signing of this document indicates acceptance of its contents.

Author’s Name: Sian Williams

Role: Head of Financial Services and Reporting

Signature:

e:

Approver’s Name: Mark Cox

Role: Deputy Director of Finance

Signature:

t e:

1.4 DOCUMENT LOCATION

Type Location

Electronic Sharepoint/FinBus/Management System/Forms

XAuthor

XApprover

5/9 193/284

Fuller,Sophie

06/29/2021 12:39:32




2 PURPOSEThis procedure sets out how the banking arrangements operate within DHCW, including who can access and make changes to the bank accounts. The document also states who is authorised to make payments through the banking system. This document describes how the DHCW’s bank records and statements for these bank accounts are reconciled to the DHCW’s own records and ledger in a timely manner.

3 SCOPE This procedure shall apply specifically to the Finance Directorate but will impact all Divisions of DHCW.

4 ROLES AND RESPONSIBILITIES It is the responsibility of the Finance Directorate to ensure that this procedure is followed and that the necessary financial information is made available to enable this to be achieved. The Director of Finance is responsible for the security, integrity and accuracy of the DHCW bank accounts.

4.1.1The day to day responsibility and management of the DHCW bank accounts are delegated to the Finance Officers.

4.1.2 The individuals (or equivalent post holders as a result of approved changes to the Board structure) shown in table A below are set up on the bank mandate and hold the authority to:

Authorise the setting up of a new bank account Authorise a regular payment / standing order (note that 2 signatories are required) Authorise amendments to BACs Primary Security Contacts (note that 2 signatories are

required) Authorise amendments to the Natwest Contact Details (note that 2 signatories are

required) Authorise amendments to the cheque panels (note that 2 signatories are required) • Sign

indemnities (note that 2 signatories are required)

Table A

Role Chief Executive Executive Director of Finance & Business Deputy Director of FinanceHead of Financial Services and Reporting

4.1.3The individuals shown in table B below have been given access to:

Set up, create, edit, suspend and delete users (note that two individuals need to make this request)

Reactivate disabled users (note that two individuals need to make this request)

6/9 194/284

Fuller,Sophie

06/29/2021 12:39:32




Order new activation codes and smartcard readers Specify how often users must change their passwords (note that two individuals need

to make this request, one of which must be the Head of Financial Accounting) Manage the users profile adding and deleting responsibilities (note that two individuals

need to make this request) Manage which actions require dual authorisation and set payment limits (note that two

individuals need to make this request, one of which must be the Head of Financial Accounting)

Restrict access to bank accounts and mark accounts as confidential (note that two individuals need to make this request)

4.1.4The audit report available in Bankline should be downloaded, saved and reviewed by the Head of Financial Services or an appropriate delegate on a quarterly basis.

Table B

RoleHead of Financial Services and ReportingDeputy Head of Financial Services

4.1.5The individuals shown in table C below have been set up on the bank mandate to:

Input payment details Authorise payments from the bank account providing they didn’t input details above

(CHAPS payments above £100,000 require two users to authorise the payment) Search payment details and foreign exchange rates Manage direct debits and standing orders Manage customer templates Manage bulk lists

Table C

RoleHead of Financial Services and ReportingDeputy Head of Financial ServicesSenior Finance Officers

**Note – Authorisation relates to the payment process only. Approval to make the payment must be in line with the Scheme of Delegation

4.1.6As requested changes and appropriate authorisation can only be given by certain named individuals, it is important to ensure their appropriate availability.

7/9 195/284

Fuller,Sophie

06/29/2021 12:39:32




4.1.7Wherever possible, advance notice of payments should be given to ensure that appropriate officers are available to process the transaction. Where staff are not available alternative arrangements will include:

• Ensuring access can be obtained from a remote venue and an alert sent to the individual when the authorisation is required

• Changing existing commitments, for example moving the time or venue of a meeting• Contacting those likely to require authorisation of a payment and making them aware that

authorisation may not be available during a set period of time

5 REFERENCES

DOCUMENT VERSION

DHCW standing orders and financial instructions Current

Accounts receivable Current

Accounts payable Current

Government Banking customer guide

6 PROCEDURE

6.1 Banking Arrangements

6.1.1The Director of Finance is ultimately responsible for authorising the opening and closing of bank accounts, and this is undertaken as described in the section above

6.1.2 The DHCW operating account are held with Natwest and are overseen by Government Banking Service.

Only authorised personnel are allowed entry to the online bank accounts via controlled access levels.

The Head of Financial Services and Reporting and maintains a list of signatories for each bank account as authorised by the Chief Executive and Director of Finance. This is included in section 4 above.

6.2 Administration and Reconciliation of Bank accountsThe Head of Financial Reporting and Services via the team members, ensures that that the cash book as per general ledger is updated and reconciled to the DHCW bank account on a regular basis. As a minimum this should be done at least once a week, although more frequent reconciliations may be appropriate depending on the volume, value and nature of transactions posted.

8/9 196/284

Fuller,Sophie

06/29/2021 12:39:32




6.2.1At month end, the DHCW cash book as recorded in the General Ledger is reconciled to the bank statements as part of the closedown procedures and the reconciliation is reviewed by the Head of Financial Services and Reporting.

6.3 Cash Forecasting

6.3.1The Head of Financial Services and Reporting will maintain an appropriate method of forecasting DHCW’s cash requirements and will notify Welsh Government of the monthly core funding draw-down in line with their timetable.

9/9 197/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.3.4





N/A





Recommendation

The Audit and Assurance Committee is being asked to:NOTE the details of major procurements reported since the last Audit Committee meeting.

DIGITAL HEALTH AND CARE WALESHIGH VALUE PURCHASE ORDER COVER

REPORT

1/4 198/284

Fuller,Sophie

06/29/2021 12:39:32

High Value Purchase Order Cover Report Page 2 of 4 Author: Mark Cox


Acronyms

VAT Value Added Tax DHCW Digital Health and Care WalesGP General Practitioners


1.1 The purpose of this report is to provide the Audit & Assurance Committee with an update in relation to high value purchase orders over £0.750m (excluding VAT) raised and issued to suppliers over the stated period. The relevance of the £0.750m threshold is that this is consistent with the scheme of delegation financial limits for All Wales Digital Contracts & Agreements (detailed within Schedule 1 page 56 of the organisations Standing Orders). Due to the sensitive nature of the transactions, exact order amounts are not detailed within the public portion of this report in order to minimise any possible fraud activity.


2.1 During the period April 1st 2021 and June 22nd 2021 four orders over £0.750m were raised totalling £8.3m.

2.2 Of the four orders raised two (ref 1 & 2 in item 2.4) related to the provision of services to GP Surgeries across Wales (printer services and software applications).

2.3 The remaining two orders (ref 3 & 4 in item 2.4) related to the provision of datacentre hosting services1 at two sites (location withheld from this report in line with security recommendations).

2.4 The details of all orders raised to date and individual governance approval is presented within Appendix A – High Value Purchase Order Tracker. An extract is detailed within table 1.

Table 1: High Value Orders (redacted extract) April 1st - June 22nd

Ref Date Raised Area Supplier Description

1 14/06/2021 GP Systems Hewlett Packard Managed Print Service

2 14/06/2021 GP Systems In Practice Systems Ltd GP Software Systems Maintenance (Vision) 2021-22

3 14/04/2021 Datacentres BT PLC Datacentre 1 Rental to 2023

4 14/04/2021 Datacentres CDW Ltd Datacentre 2 Rental to 2026

Total

1 The two datacentres provide hosting services to All Wales applications as well as provision of racks.

2/4 199/284

Fuller,Sophie

06/29/2021 12:39:32




3.1 None

4 RECOMMENDATION

4.1 The Audit and Assurance Committee are asked to:NOTE the contents of this report and the high value orders raised to date.

5 IMPACT ASSESSMENT





HEALTH CARE STANDARD N/A




STRATEGIC OBJECTIVE All Objectives apply


APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEExecutive Director of Finance & Business Assurance

22/6/21 Approved

3/4 200/284

Fuller,Sophie

06/29/2021 12:39:32



IMPACT ASSESSMENT





Yes, please see detail belowFINANCIAL IMPLICATION/IMPACT See section 2 for specific financial information.





4/4 201/284

Fuller,Sophie

06/29/2021 12:39:32


HIGH VALUE PURCHASE ORDER TRACKER2021/22 Purchase Orders

Ref Area Supplier Service/Good Detail Date OrderRaised Amount £ Procurement Approved by DHCW Board (Date)

Reported at Audit & Assurance Committee 6th July 2021

1 GP Systems HEWLETT PACKARD Managed Print Service 14.06.2021 >£0.750m N/A Velindre NHS Trust novated approved NWIS contract

2 GP Systems IN PRACTICE SYSTEMS LTD GP Software Systems Maintenance (Vision) 2021-2214.06.2021 >£0.750m N/A Velindre NHS Trust novated approved NWIS contract

3 Datacentres BT PLC Datacentre 1 Rental to 2023 14.04.2021 >£0.750m N/A Velindre NHS Trust novated approved NWIS contract

4 Datacentres CDW LTD Datacentre 2 Rental to 2026 14.04.2021 >£0.750m N/A Velindre NHS Trust novated approved NWIS contract

Total £8.277m

Reported at Audit & Assurance Committee 5th October 2021

5 TBC TBC TBC TBC TBC TBC



Total TBC

Reported at Audit & Assurance Committee 4th January 2022

TBC TBC TBC TBC TBC TBC TBC

Total TBC

Grand Total High Value Purchase Orders £8.277m

1/1 202/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.4





N/A


Prepared By Nathan Beynon, Senior Category Manager

Presented By Julie Francis, Head of Commercial Services


Recommendation

The Committee is being asked to:NOTE the contents of the report.

DIGITAL HEALTH AND CARE WALESPROCUREMENT AND SCHEME OF DELEGATION

COMPLIANCE REPORT

1/4 203/284

Fuller,Sophie

06/29/2021 12:39:32

of 4 Author: Nathan Beynon

Approver: Julie FrancisINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

PCR 2015 Public Contracts Regulations 2015 DHCW Digital Health and Care WalesCCN Change Control Notes SQA Single Quotation ActionsSTA Single Tender Actions


1.1 The purpose of this report is to provide the Audit and Assurance Committee with an update in relation to procurement activity undertaken during the period 1st April 2021 to 31st May 2021 and in accordance with reference 1.2 (Schedule 2.1 Procurement and Contracting for Goods and Services) of the standing Financial Instructions.

1.2 An explanation of the reasons, circumstances and details of any further action taken is also included.

SFI Reference Description Items12.9.4 Free of Charge Services 012.13 Single Quotation Actions 112.13 Single Tender Actions 112.13 Single Tenders for consideration following a call for Competition

under PCR2015.0

12.17 Contract Extensions:Award of additional funding outside the terms of the contract (executed via Contract Change Note (CCN) or Variation of Terms)

3


2.1 The Committee is required to note the following:

Single tender and single quotation activity (set out in appendix A) Change control notes (set out in appendix A)


3.1 None at this time.

4 RECOMMENDATIONThe Committee is being asked to:NOTE the contents of the report.

2/4 204/284

Fuller,Sophie

06/29/2021 12:39:32



5 IMPACT ASSESSMENT


If more than one standard applies, please list below:A globally responsible Wales


If more than one standard applies, please list below:ISO 27001ISO 9001BS 1008

HEALTH CARE STANDARD Effective Care

If more than one standard applies, please list below:Staff and Resources


No, (detail included below as to reasoning) Outcome: N/AStatement:EQIA’s are undertaken by the service leads for relevant procurements.

STRATEGIC OBJECTIVE Mobilising digital transformation and ensuring high quality health and care data

If more than one objective applies, please list below:Delivering High Quality Digital ServicesDriving value from data for better outcomes



3/4 205/284

Fuller,Sophie

06/29/2021 12:39:32



IMPACT ASSESSMENT





Yes, please see detail belowFINANCIAL IMPLICATION/IMPACT SQAS (x1) as set out in Appendix 1: Total Value

£17,000.00 ex VAT

STAS (x1) as set out in Appendix 1: Total Value £700,000.00 ex VAT

CCN’s (x3) as set out in Appendix 1: Total Value £96,829.26 ex VAT

Grand total £813,829.26 ex VATYes, please see detail belowWORKFORCE

IMPLICATION/IMPACT

Yes, please detail belowSOCIO ECONOMIC IMPLICATION/IMPACT

4/4 206/284

Fuller,Sophie

06/29/2021 12:39:32


APPENDIX A – PROCUREMENT AND SCHEME OF DELEGATION COMPLIANCE REPORT – ACTIVITY OVERVIEW

ORGANISATION DIRECTORATE Procurement Reference

Agreement Period SFI Reference Agreement Title/ Description

Supplier Anticipated Value Reason Compliance Comment

First Submission or Repeat

DHCW Test Trace Protect Programme

P64217A 01/02/2021-31/05/2021 STA Integrated Telephony Solution for TTP - Additional value required to cover SMS and Call costs

Solgari Ltd £700,000.00 The purpose of this STA is to increase the value of the Solgari contract and obtain subsequent approval for the unanticipated expenditure under the original Solgari Agreement.

The original Contract Award was approved by Velindre University NHS Trust Board (as hosts of NWIS). The new requirement required continuity of service under regulation 72 of PCR2015. A VEAT notice has been issued.

Repeat Submission- the original STA submission was reported to Velindre Audit Committee

DHCW Clinical Knowledge Services

P21.45 01/04/2021-31/03/2022 SQA iRefer Guidelines 2021

Royal College of Radiologists

£17,000.00 The RCR are the sole supplier of the I Refer Guidelines which are required for Radiologists to conduct their clinical work.

No further action

Repeat Submission

DHCW Software Development

P308 01/07/2021-30/06/2023 CCN/Extension System Integration Tool

Fiorano £60,000.00 The contract did not include a further option to extend, however, an extension was required and approved via an options paper.

Procurement activities to commence in 2021-22 for a replacement service.

First submission

DHCW Information Services

P307 01/05/2021-30/06/2021 CCN All Wales Data Quality Service (DQS)

Informatica Ltd

£29,000.00 The CCN was required to commission Informatica to support the migration of the DQS solution from old legacy servers onto new PDES Servers. This will transition the DQS solution out of BDC and into NDC as part of the exit from BDC. This is being conducted on a time and materials basis, capped at £29,000 and is scheduled to take approximately 8 weeks.

No further action

First submission

DHCW Network Services

P493 30/04/2021/31/07/2021 CCN/Extension HCSN Connection MLL Telecom

£7,829.26 The contract did not include any extension provisions and a re-procurement was undertaken in February this year. The short-term extension is required due to the lead times on new circuits. The extension will ensure there is no disruption to service while the new circuits are ordered and installed by the new provider, Adept Telecom.

No further action

First submission

Total Value ex VAT

£813,829.26

1/1 207/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.5





N/A





Recommendation

The Committee is being asked to:NOTE the work to populate a Declarations of Interests Register for DHCW and NOTE the Declarations of Gifts, Hospitality, Sponsorship and Honoraria declarations for June 2021.

DIGITAL HEALTH AND CARE WALESDECLARATIONS INTERESTS AND

DECLARATIONS OF GIFTS, HOSPITALITY, SPONSORSHIP AND HONORARIA

1/6 208/284

Fuller,Sophie

06/29/2021 12:39:32


Approver: Claire Osmundsen-Little


Acronyms

DHCW Digital Health and Care Wales SO’s Standing OrdersNWIS NHS Wales Informatics Service


1.1 Up until 31 March 2021 Declarations of Internet and Declarations of Interest, Gifts Hospitality, Sponsorship activities for NWIS were captured via the Velindre NHS Trust governance processes and reported to the Velindre NHS Trust Audit Committee.

1.2 In accordance with the requirements of the DHCW’s Standing Orders (SO’s) and Standards of Behaviour Policy, approved by the DHCW Board on 1 April 2021, a report is required to be received by the DHCW Audit & Assurance Committee as a standing agenda item which will detail the Declarations of Interest, Gifts, Declarations of Interest, Gifts Hospitality, Sponsorship activities.


2.1 Following approval of the DHCW Standards of Behaviour Policy by the DHCW Board on 1 April 2021 work has commenced to collate Board member declarations of interest. All Board members declarations of interest have been received and captured on the register which is included as Appendix A (item 4.5i) and published on the DHCW website.

2.2 The next step will be to capture the declarations of interest of all DHCW staff band 8a and above and report this to the October Audit and Assurance Committee meeting.

2.3 All declaration forms are reviewed and checked by the Board Secretary and any queries addressed prior to entry on the register.

2.4 It should be noted that no Declarations of Interest, Gifts, Hospitality, Honoraria or Sponsorship activities have been declared since the establishment of DHCW (item 4.5ii).

2.5 The Standards of Behaviour Framework summary from the Standards of Behaviour Policy is set out below:

2/6 209/284

Fuller,Sophie

06/29/2021 12:39:32



The Board has described its vision that underpin the way that services are provided and to support this, all employees must ensure that they carry out their roles with dedication and commitment to the Special Health Authority and its core values.

All staff must have the highest standards of corporate and personal conduct and behave in an exemplary manner based on the following seven principles:

Selflessness – Individuals should act solely in terms of the public interest. They should not do so in order to gain financial or other benefits for themselves, their family or friends;

Integrity – Individuals should not place themselves under any financial or other obligation to outside individuals or organisations that might seek to influence them in the performance of their official duties;

Objectivity – In carrying out public business, including making public appointments, awarding contracts, recommending individuals for rewards and benefits, choices should be made on merit;

Accountability – Individuals are accountable for their decisions and actions to the public and must submit themselves to whatever scrutiny is appropriate for their position;

Openness – Individuals should be as open as possible about all the decisions and actions they take. They should give reasons for their decisions and restrict information only when the wider public interest clearly demands it;

Honesty – Individuals have a duty to declare any private interests relating to their duties and to take steps to resolve any conflicts arising in a way that protects the public interest, and;

Leadership – Individuals should promote and support these principles by leadership and example.

To uphold these principles you must:-

- Ensure that the interests of patients and the public remain paramount; - Be impartial and honest in the conduct of your official business; - Use NHS resources to the best advantage of the service and the patients, always

seeking to ensure value for money; - Not abuse your official position for personal gain or to benefit your family or

friends; - Not seek advantage or to further private business or other interests in the course

of your official duties, and; - Not seek or knowingly accept, preferential rates or benefits in kind for private

transactions carried out with companies, with which they have had, or may have, official dealings on behalf of the SHA.

The Standards of Behaviour Framework Policy outlines the arrangements within the Special Health Authority to ensure that staff comply with these requirements, including recording and declaring potential conflicts of interest and handling of gifts, hospitality and sponsorship (even if these are declined). Further guidance is available via the Standards of Behaviour Policy on the intranet site.

3/6 210/284

Fuller,Sophie

06/29/2021 12:39:32




It is your responsibility to ensure that you are familiar with the requirements of the Policy and supporting guidance. The relevance of this information will vary depending on your role within the Special Health Authority and your interests outside of your employment.

In summary:-

DO:

Make sure that you are not in a position where your private interests and NHS duties may conflict.

Declare any relevant interests. These include:-

- Directorships, including Non-Executive Directorships held in private companies or PLCs.;

- Ownership or part-ownership, of private companies, businesses or consultancies likely or possibly seeking to do business with the Special Health Authority.

- A position of authority in a charity or voluntary body in the field of health and social care;

- A personal or departmental interest in any part of the pharmaceutical or healthcare associated industries that could be perceived as an influence on decision making or on the provision of advice to members of the team;

- Sponsorship or funding from a known NHS supplier or associated company/subsidiary;

- Employment where there could be a perceived or actual conflict with NHS duties. This includes the undertaking of private practice;

- Anything else that could cause a potential for conflict.

Remember that the need to declare an interest also includes those of your close family and possibly friends.

Seek your manager’s permission before taking any outside work, in accordance with employment terms and conditions.

Obtain your Directors permission before accepting any commercial sponsorship or hospitality;

Declare offers of gifts, hospitality or sponsorship using the appropriate form where required.

DO NOT:

▪ Accept any gifts from suppliers or commercial organisations unless they are of low value e.g. pens, diaries;

▪ Accept any gifts over the value of £25 from patients or their relatives, these should be politely declined;

▪ Accept any inappropriate hospitality or sponsorship from suppliers or commercial organisations;

▪ Abuse your position to obtain preferential rates for private deals; ▪ Unfairly advantage one competitor over another or show favouritism in your

dealings with commercial organisations; ▪ Use NHS resources for your own private use.

If you need any further guidance please contact the Board Secretary via email or [email protected]

4/6 211/284

Fuller,Sophie

06/29/2021 12:39:32





3.1 There are no matters for escalation.

4 RECOMMENDATIONThe Committee is being asked to:

Note the contents of the report and the DHCW declaration of interests captured to date (item 4.5i), and Note that no declarations of gifts, hospitality, sponsorship and honoraria were received in April or May 2021.

5 IMPACT ASSESSMENT





HEALTH CARE STANDARD Effective Care



No, (detail included below as to reasoning) Outcome: N/AStatement:No EQIA required..

STRATEGIC OBJECTIVE All Objectives apply


5/6 212/284

Fuller,Sophie

06/29/2021 12:39:32




APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEDHCW Board 1 April 2021 Standards of Behaviour Policy approved

IMPACT ASSESSMENT



Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT The declarations of interests process ensures DHCW staff

adhere to the organisation’s statutory responsibilities.







6/6 213/284

Fuller,Sophie

06/29/2021 12:39:32


DECLARATIONS OF INTEREST REGISTER 21-22

ID Date Received Name Title Nature of Declaration

Relevant Dates from

Relevant Dates to Description of Declaration Comment

1 29/03/2021 Ruth Glazzard

Is-gadierydd Aelod Anibynnol Iechyd a Gofal Digidol Cymru/Vice Chair and Independent Member Digital Health and Care Wales Other 01/04/2021 31/03/2021

Partner is working for Hywel Dda in an informatics project delivery role. Paid

2 15/04/2021 Rhidian Hurle Cyfarwyddwr Clinigol / Prif Swyddog Gwybodaeth Clinigol/Medical Director I confirm a nil declaration;

3 15/04/2021 Chris Darling Ysgrifennydd Bwrdd/Board Secretary

Other position of authority not included in Directorships - A position of authority (i.e. Director, Chairman. Trustee etc.) in a charity or voluntary body in the field of health and social care; 01/05/2019 Ongoing

Chair, Tir a Mor St Brides Major Scouts Unit Unpaid

4 15/04/2021

Claire Osmundsen-Little

Cyfarwyddwr Cyllid a Sicrhau Busnes/Executive Director of Finance Digital Health and Care Wales I confirm a nil declaration;

5 16/04/2021 Helen Thomas Cyfarwyddwr Dros Dro Gwasanaeth Gwybodeg GIG Cymru/ Chief Executive Officer I confirm a nil declaration;

6 19/04/2021 Rowan Gardner

Aelod Anibynnol Iechyd a Gofal Digidol Cymru/ Independent Member Digital Health Care Wales

Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies; 05/03/2001 Ongoing

Personal Director of BioLauncher Ltd Paid

8 21/04/2021 Michelle Sell Prif Swyddog Gweithredu/Chief Operating Officer I confirm a nil declaration;

9 22/04/2021 David Selway Aelod Anibynnol Iechyd a Gofal Digidol Cymru/ Independent Member Digital Health Care Wales Other; 01/09/2019 Ongoing

Part time Management Consultant for Amey Consulting Ltd Paid

10 28/04/2021 Marian Wyn Jones


Other position of authority not included in Directorships - A position of authority (i.e. Director, Chairman. Trustee etc.) in a charity or voluntary body in the field of health and social care; Ongoing

Cadeirydd y Cyngor/ Chair of Council, Prifysgol Bangor University Paid

11 12/05/2021 Robert Noel Hudson

Cadeirydd Dros Dro Iechyd a Gofal Digidol Cymru/Interim Chair Digital Health and Care Wales

Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies;Other Ongoing

Hudson Coaching and Consultancy Ltd Paid

12 12/05/2021 Gary Bullock

Cyfarwyddwr Cymorth a Datblygu Cymwysiadau/Director of Application Development and Support I confirm a nil declaration;

13 14/05/2021 Rachael Powell Dirprwy Gyfarwyddwr Wybodaeth /Deputy Director of Information I confirm a nil declaration;

14 17/05/2021 Carwyn Lloyd-Jones

Cyfarwyddwr Technoleg Gwybodaeth a Chyfathrebu / Director of Information and Communications Technology

Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies Ongoing

Family own Arfordir Holdings Ltd.

Is not paid by company.

16 26/05/2021 Sophie Fuller

Rheolwr Llywodraethu Corfforaethol a Sicrwydd/Corporate Governance and Assurance Manager I confirm a nil declaration;

17 19/04/2021 Rowan Gardner


Interest in Companies and Securities - Substantial interest is ownership or part ownership, more than 1/100th (i.e. share) of private companies, businesses or consultancies ; 12/09/2013 Ongoing PrecisionLife Paid

19 21/04/2021 Sian Elin Doyle Aelod Anibynnol Iechyd a Gofal Digidol Cymru/ Independent Member Digital Health Care Wales

Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies 01/05/2021 Ongoing

Provision of consultancy advising a software company for research application in US and telecoms business in Wales Paid

1/3 214/284

Fuller,Sophie

06/29/2021 12:39:32




Other position of authority not included in Directorships - A position of authority (i.e. Director, Chairman. Trustee etc.) in a charity or voluntary body in the field of health and social care;

Aelod o Fwrdd/Board Member Canolfan Gerdd William Mathias, Ymddiriedolwr/ Trustee



Other position of authority not included in Directorships - A position of authority (i.e. Director, Chairman. Trustee etc.) in a charity or voluntary body in the field of health and social care;

Family member is a BBC Journalist Paid

22 12/05/2021 Robert Noel Hudson

Cadeirydd Dros Dro Iechyd a Gofal Digidol Cymru/Interim Chair Digital Health and Care Wales Other Ongoing

Visiting professor of University of South Wales Unpaid

23 23/05/2021 Grace Quantock


Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies 2016 Ongoing

Grace Quantock Trailblazing Wellness Ltd Paid




Board Member & Deputy Chair of Regulation and Standards – Social Care Wales Paid




Associate Non-executive Director - Wye Valley NHS Trust Paid




Wales Committee – Equality and Human Rights Commission Paid




Senior Independent Panel Member – Welsh Government Paid




Partner is a paid Director of Grace Quantock Trailblazing Wellness Ltd Paid



Interest in Companies and Securities - Substantial interest is ownership or part ownership, more than 1/100th (i.e. share) of private companies, businesses or consultancies ; 2016 Ongoing




Interest in Companies and Securities - Substantial interest is ownership or part ownership, more than 1/100th (i.e. share) of private companies, businesses or consultancies ; 2020 Ongoing





Spouse is Access to Elected Office Fund Wales Panel Member – Disability Wales Unpaid




Spouse is Independent Advisory Group Panel Member – South Wales Police Unpaid


Aelod Anibynnol Iechyd a Gofal Digidol Cymru/ Independent Member Digital Health Care Wales Other Ongoing

Spouse is Social Care Worker – Mirus Wales Paid



Brother is Social Care Worker – National Autism Society Paid



Brother-in-law is Social Care Manager – Pobl Paid

2/3 215/284

Fuller,Sophie

06/29/2021 12:39:32




Cousin is Social Worker – Caerphilly County Council Paid


Is-gadierydd Aelod Anibynnol Iechyd a Gofal Digidol Cymru/Vice Chair and Independent Member Digital Health and Care Wales


Non-executive director and Chair of Governance, Remuneration and Audit Committee – Coastal Housing Paid



Other position of authority not included in Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies 01/03/2020 Ongoing

Non-Executive Director at Greenstream Flooring CIC Unpaid



Other position of authority not included in Directorships - Public or private appointments, employment or consultancies. Company directorship’s in private or limited companies 01/04/2021 Ongoing

Member of the Independent Remuneration Panel for Wales Paid

3/3 216/284

Fuller,Sophie

06/29/2021 12:39:32

of 1

REGISTER FOR NWIS GIFTS, HOSPITALITY, SPONSORSHIP AND HONORARIA

DIGITAL HEALTH AND CARE WALES

April to May 2021

Date entered on Register

Name Designation or

Department

Division Provided by / From

Date Gift, Hospitality,

Honoraria or sponsorship

received/to be received

Details Value Type Was the activity/event undertaken in the individuals

own time, study leave or Trust

time?

For Honoraria

only

Authorised by

Date Accepted or

Declined

NIL ENTRIES

1/1 217/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.6





N/A





Recommendation

The Committee is being asked to:Note this report.

DIGITAL HEALTH AND CARE WALESESTATES COMPLIANCE REPORT

1/4 218/284

Fuller,Sophie

06/29/2021 12:39:32



Acronyms

DHCW Digital Health and Care Wales PPM Planned Preventative Maintenance


1.1 The Audit & Assurance Committee will, at each meeting, review the latest available Estates Compliance Report. This report covers performance as at end of May 2021.

DHCW have a robust programme of planned, preventative maintenance (PPM) and schedule of inspections that need to be undertaken across the entire DCHW estate. DHCW monitor, on a monthly basis, progress of actions arising as a result of various surveys and inspections, such as Fire, Legionella and Asbestos.


2.1 Estates Compliance

The Estates Compliance report (item 4.6i) details the statutory and mandatory compliance performance of systems and equipment within Digital Health and Care Wales (DHCW) premises, to confirm that they meet with legal requirements, and to safeguard DHCW employees.

Good progress has been made in May 2021, with overall compliance of plant systems and equipment now up to 94% (208 out of 221) against our target of 90%. This is a big increase from last month’s compliance rate of 72%, which was largely due to our new Media Point office, which is not yet fully occupied being included in the figures.

This means that as of the end of May 2021 we have 13 out of date items and 9 that require testing within one month, to prevent them from going out of date.

We have improved our overall compliance by conducting a large number of testing across all premises and liaising with our landlords to locate documentation. During Quarter 2 we plan to undertake additional testing at Media Point, which will help to improve overall compliance.

Planned preventative maintenance is currently at 97%. Actions resulting from legionella/fire risk assessments and asbestos surveys are 92% compliant.

We are looking at our long-term estates strategy and are working with agility during this period following Covid-19 to develop new ways of working.

2.2 Environment

DHCW acknowledge the potential impact that we may have on the environment due to the nature of our business practices; therefore, we are fully committed to reducing this impact across the scope of our operations and the services that we deliver. The Estates Compliance report (item 4.6i page 12 onwards) details how DHCW has performed against our goals to reduce water consumption and

2/4 219/284

Fuller,Sophie

06/29/2021 12:39:32



energy (gas and electricity) emissions and increase the amount of waste that we recycle as an organisation.

DHCW’s environment annual trend is positive. We continue to measure water, energy usage and waste disposal in order to reduce CO2 levels.

DHCW’s accumulative CO2 emissions from electricity usage, per m2, in 2020-21 has reduced compared to 2019-20, and significantly reduced even more significantly compared to 2018-19.

DHCW’s accumulative CO2 emissions from gas usage per m2 in 2020-21 has reduced slightly a comparison to 2019-20.

DHCW’s accumulative water consumption per m2 in 2020-21, reduced significantly in comparison to 2019-20.

99% of DHCW’s waste has been recycled, repurposed or reused

DHCW’s carbon footprint information can be seen on page 19 of the Estates Compliance report (item 4.6i).

We plan to review the structure and frequency of environment reporting.


3.1 There are no matters for escalation.

4 RECOMMENDATIONThe Committee is being asked to:NOTE this report and the detailed content included in the Estates Compliance report (item 4.6i)

5 IMPACT ASSESSMENT






3/4 220/284

Fuller,Sophie

06/29/2021 12:39:32







No, (detail included below as to reasoning) Outcome:Statement: The Estates Compliance Report does not require an EQIA.


IMPACT ASSESSMENT

Yes, please see detail belowQUALITY AND SAFETY IMPLICATIONS/IMPACT Health &Safety Incidents are contained in the report for

monitoring purposesYes, please see detail belowLEGAL

IMPLICATIONS/IMPACT Ensures compliance with legislation and good governance.



Yes, please see detail belowWORKFORCE IMPLICATION/IMPACT This activity is essential to ensure the health & safety of staff



4/4 221/284

Fuller,Sophie

06/29/2021 12:39:32

May 2021

1/19 222/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

ESTATES COMPLIANCE REPORT

3

4

5

6

7

8

9

10

11

12-19

Executive Summary

Estates Compliance

KEY

Overall Compliance

Compliance Responsibility

Monthly Compliance Trend

Key Areas

Compliance Action Plan Overview

Planned Preventative Maintenance (PPM) Overview

Environmental Performance

CONTENTS

2

2/19 223/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

Executive Summary

3

Estates ComplianceGood progress has been made in May 2021, with overall compliance now up to 94%. This is a big increase from last month’s compliance rate of 72%, which was largely due to our new Media Point office, which is not yet fully occupied being included in the figures.

We have improved our overall compliance by conducting a large number of testing across all premises and liaising with our landlords to locate documentation. During Quarter 2 we plan to undertake additional testing at Media Point, which will help to improve overall compliance.

Planned preventative maintenance is currently at 97%. Actions resulting from legionella/fire risk assessments and asbestos surveys are 92% compliant.

We are looking at our long term estates strategy and are working with agility during this period following Covid-19 to develop new ways of working.

EnvironmentOur Environment annual trend is positive. We continue to measure water, energy usage and waste disposal in order to reduce CO2 levels. We plan to review the structure and frequency of environment reporting.

3/19 224/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

Estates Compliance

4

At DHCW, we are fully aware of our responsibilities for ensuring that the workplace is kept safe by compliance with legislation.

We have a robust programme of planned, preventative maintenance (PPM) and schedule of inspections that need to be undertaken across the entire Estate.

We monitor, on a monthly basis, progress of actions arising as a result of various surveys and inspections, such as Fire, Legionella and Asbestos.

4/19 225/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


KEYCompliance

GuidelinesRegulations

Green

Systems and equipment that are fully compliant

Red

Systems and equipment that are no longer compliant

Yellow

Systems and equipment that are due to be serviced in one month or less

5

Arrows denote:-Percentage is higher than previous monthPercentage is lower than previous monthPercentage is the same as the previous monthAll percentages include and totals added together.

This report details the statutory and mandatory compliance performance of systems and equipment within Digital Health and Care Wales (DHCW) premises, to confirm that they meet with legal requirements, and to safeguard DHCW employees.

Throughout this report compliance is measured by site, type of system or equipment and based on DHCW or Landlord responsibility.

5/19 226/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


OVERALL COMPLIANCE

Number of System & Equipment that Require Testing.

Serviced Service Due Out of Date0

50

100

150

200

250

199

9 13

Serviced Service Due Out of Date

This Month Last Month

94% 72%

6

Overall Compliance of plant systems and equipment has seen a significant increase from 72% last month to 94% this month against our target of 90%.

This means that as of the end of May 2021 we have 13 out of date items and 9 that require testing within one month, to prevent them from going out of date.

6/19 227/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


COMPLIANCE RESPONSIBILITY

Bocam Technium 2 Tŷ Glan-yr-Afon Mamhilad Media Point Technium 2 Castlebridge 2 Tŷ Glan-yr-Afon Mamhilad

1 2 1 2 7 1 5 1 2

SERVICED87%

SERVICE DUE

OUT OF DATE

92%

Landlord Compliance Responsibility DHCW Compliance Responsibility

7%

0%

7

6%


94% 84%


94% 73%

2%

6%

The above chart shows a breakdown per site of the 9 service due and 13 out of date compliance items. We are arranging testing for the 9 service due items. In regards to the out of date services, Media Point which is a newly occupied site has the most outstanding tests to be completed, therefore we will prioritise this site.

Through increased testing we have vastly improved DHCW compliance responsibility by 21%.

We have liaised with our Landlords in order to locate compliance documentation, which has seen a 10% upturn in Landlord Compliance.

7/19 228/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


MONTHLY COMPLIANCE TREND

JAN FEB MAR APR MAY0

10

20

30

40

50

60

70

80

90

100

CompliantDEC -NOV -OCT -SEP -AUG -JUL -JUN -MAY 94%APR 72%MAR 85%FEB 89%JAN 89%


94% 72%

This line denotes the

minimum % compliance

requirement of 90%

8

The chart shows the trend in compliance in April is reduced reflecting the annual requirements of many of our tests, as well as being the first month that we incorporated our new site Media Point in to our compliance data.

8/19 229/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

91%

9%

89%

11%


KEY AREAS

78%

22%

Last Month

82%

Last Month

82%

Last Month

93%

Asbestos Compliance Percentage Legionella Compliance Percentage Fire Risk Assessment Compliance Percentage

ComplianceCompliance due / awaiting

confirmationNon Compliance

Media Point(DHCW)

9

Mamhilad (Landlords)

Ty Glan-yr-Afon (DHCW) Mamhilad (DHCW)

The graphs show the compliance percentage of Asbestos Surveys and Legionella and Fire risk assessments. Asbestos Surveys at our Mamhilad and Ty Glan-yr-Afon sites have been completed, we are awaiting the certificates. The Media Point Legionella Risk assessment has been arranged and we have contacted our Landlord at Mamhilad to inform them that the Fire Risk assessment is due within one month.

9/19 230/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


Compliance Action Plan Overview

Compliance Category Compliance Subcategory ReferenceNumber of Actions across DHCW by Priority

High Medium Low

Fire Fire Risk Assessment FR2018.1 0 0 0 0 19 7 4 0 40 9 1 0

Water Legionella RiskAssessment LR2018.1 11 2 2 0 3 0 4 0 1 0 0 0

Asbestos Asbestos RiskAssessment AR2018.1 0 0 0 0 4 0 0 0 24 0 0 0

Compliance Criteria Overall Compliance

Green – Action complete 78%

Yellow – Action on target to be completed by agreed date 14%

Orange – Action not on target for completion by agreed date 8%

Red – Implementation passed management action not complete 0%

10


92% 88%

A number of actions have been completed recently raising the percentage from 88% to 92%. Eleven actions are past there agreed completion date, we will review these actions in the next quarter. 102 actions are complete and no actions have turned red.

10/19 231/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


PLANNED PREVENTATIVE MAINTENANCE (PPM) OVERVIEW

Tŷ Glan-Yr-Afon % Complete

Total Inspections 21099%

Total Complete 209

Bocam % Complete


Total Complete 126

Mamhilad % Complete


Total Complete 75

Media Point % Complete

Total Inspections 0N/A

Total Complete 0

Technium 2 % Complete


Total Complete 62

DHCW – 2021 % Complete


Total Complete 458

11


97% 97%

Castlebridge 2 % Complete


Total Complete 120Compliance Criteria

Green – PPM 90% and above compliant

Yellow – PPM 80% - 89% compliant

Red – PPM 79% compliant and below

Routine testing has been completed as planned and is currently at 97%, which is no change from last month. The majority of DHCW sites are 99% or above compliant. Routine testing at Media Point (our new site) has not yet begun.

11/19 232/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

Environmental Performance

12

At DHCW, we acknowledge the potential impact that we may have on the environment due to the nature of our business practices; therefore, we are fully committed to reducing this impact across the scope of our operations and the services that we deliver.

This report details how DHCW has performed against our goals to reduce water consumption and energy (gas and electricity) emissions, and increase the amount of waste that we recycle as an organisation.

IT waste and other emission reporting categories performance is also communicated.

12/19 233/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


ELECTRICITY FIGURES QTR 1-4*

Total Electricity Accumulative CO2 Emissions per m2

The graph shows DHCW’s accumulative CO2 emissions, from electricity usage, per

m2, in 2020-21 as well as a comparison to 2019-20.

From the data we can see –

• 46% reduction in 2020-21 compared to 2019-20

• 83% reduction in 2020-21 compared to the baseline year (2017-18)

13

Electricity emissions target: 9% reduction against 2017/18 baseline year

CO2e

m2

2017 - 2018 2018 - 2019 2019 - 2020 2020 - 20210,000

0,010

0,020

0,030

0,040

0,050

0,060

0,070

0,080

0,090

0,076

0,064

0,024

0,013

13/19 234/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


GAS FIGURES QTR 1-4*Total Gas Accumulative CO2 Emissions per m2

The graph shows DHCW’s accumulative CO2 emissions, from gas

usage per m2 in 2020-21, as well as a comparison to 2019-20.

From the data we can see -


• 13% increase in 2020-21 compared to the baseline year (2017-18)

14

Gas emissions target: 9% reduction against 2017/18 baseline year

CO2e

m2

2017 - 2018 2018 - 2019 2019 - 2020 2020 - 20210,0000

0,0020

0,0040

0,0060

0,0080

0,0100

0,0120

0,0140

0,0160

0,0180

0,0200

0,01170,0110

0,01380,0132

14/19 235/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


WATER FIGURES QTR 1-4*

Water Accumulative Consumption Per m2

The graph shows DHCW’s accumulative water consumption per m2 in

2020-21, as well as a comparison to 2019-20.

From the data we can see –


• 54% reduction against the baseline year (2017-18)

15

Water consumption target: 12% reduction against 2017/18 baseline year

Wat

er m

3

2017 - 2018 2018 - 2019 2019 - 2020 2020 - 20210,00

0,10

0,20

0,30

0,40

0,50

0,60

0,70

0,80

0,90

1,00

0,760,79

0,84

0,35

15/19 236/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

Recyclable waste target: 68%

was

te P

rodu

ced

(Ton

nes/

m2)

General Waste Landfill Weight (Tonnes/m2) All Recyclable Waste Weight (Tonnes/m2)0,00000

0,00100

0,00200

0,00300

0,00400

0,00500

0,00600

0,00000

0,00552


WASTE FIGURES QTR 1-4*The graph shows the accumulative recyclable waste weight (tonnes) per

m2 in 2020-21, as well as a comparison to general waste weight

(tonnes) per m2 in 2020-21. From the data we can see that 99% of

DHCW’s waste has been recycled, repurposed or reused.

16

99%

*Please note: Due to the nature of our tenancy agreements and waste contracts, it is possible that a small amount of waste may have been sent to landfill. This potential amount has been accounted for in this graph

16/19 237/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


IT WASTE FIGURES

DHCW IT Waste Produced

The table shows the total number of IT equipment units that

have been recycled, repurposed or reused, during 2020/21.

17

Type Units Collected

Battery 1Boxes of cables, chargers,adapters 2

Docking port 39

Fax 3

HDD Destroy 12

Laptops 340

Mixed Cables 1

Mixed WEEE 54

Mobile phones 63

Monitors (CRT) 3

Monitors (flat screen) 375

Networking gear, switches, hubs 59

Other 23

Overhead projectors 4

PC's 1372

Printers - free standing 149

Scanners 12

Servers 28TV's 2UPS 12Grand Total 2554

Total Units:2,554

17/19 238/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE


ADDITIONAL EMISSION

REPORTING CATEGORIES

Fleet Vehicles Business Mileage

F-Gas EV Charging (Staff)

EV Charging (CS Van)

0,00

5,00

10,00

15,00

20,00

-5,00

19,04

5,32

0 -0,095 -0,197

Tonnes of CO2 Emissions during 2020/21

The graph shows Fleet Vehicle, Business Mileage and F-Gas emissions

(MtCO2e) data, as well as EV Charging emissions offsetting data, which

is enabled by the Electric Vehicle (EV) charging points located at our

Tŷ Glan-yr-Afon and Media Point sites.

18

18/19 239/284

Fuller,Sophie

06/29/2021 12:39:32

NHS WALES. PAGE

CARBON FOOTPRINT

19

DHCW total carbon footprint 2020-21:186.652 MtCO2e

DHCW total carbon footprint per m2:0.029 MtCO2e

DHCW total carbon footprint per person:0.243 MtCO2e

Performance Vs. 2019 – 2020:

-26% Reduction

Carbon Emissions (MtCO2e)

0,000 10,000 20,000 30,000 40,000 50,000 60,000 70,000 80,000 90,000-10,000

Electricity

Gas

Water Supply

Water Treatment

General Waste Landfill

General Waste WtE

Recycling

WEEE Recycled

Business Mileage

Fleet Vehicles

F-Gas

EV Charging (Staff)

EV Charging (CS Van)

78,383

80,840

0,734

1,893

0,000

0,196

0,238

0,307

5,318

19,035

0,000

-0.095

-0,197

Carbon Footprint Emissions Breakdown 2020-2021 YTD

40.97%

44.08%

0.39%

1.01%

0.11%

0.13%

0.17%

2.87%

10.28%

Carbon Footprint Type Percentage Breakdown 2020-2021 YTD

Electricity

Gas

Water Supply

Water Treatment

General Waste Landfill

General Waste WtE

Recycling

WEEE Recycled

Business Mileage

Fleet Vehicles

F-Gas

19/19 240/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.7


Date of Meeting 11 May 2021



N/A

Executive Sponsor Claire Osmundsen-Little, Director of Finance & Business Assurance

Prepared By Konrad Kujawinski, Head of Quality & Regulatory Compliance

Presented By Konrad Kujawinski, Head of Quality & Regulatory Compliance


Recommendation

The Committee is being asked to:Approve the plan.

DIGITAL HEALTH AND CARE WALESQUALITY & REGULATORY ANNUAL PLAN

1/16 241/284

Fuller,Sophie

06/29/2021 12:39:32

2 | P a g e

Acronyms

DHCW Digital Health and Care Wales NWIS NHS Wales Informatics ServiceeQMS Electronic Quality Management

SystemPDCA Plan Do Check Act

WELL-BEING OF FUTURE GENERATIONS ACT A healthier WalesIf more than one standard applies, please list below:


If more than one standard applies, please list below:ISO 14001ISO 20000ISO 27001BS 76000/76005ISO 13485BS 10008Service Desk Certification


If more than one standard applies, please list below:Safe Care


No, (detail included below as to reasoning) Outcome: N/AStatement: EQIA not required for this Plan

STRATEGIC OBJECTIVE All Objectives Apply


2/16 242/284

Fuller,Sophie

06/29/2021 12:39:32

3 | P a g e

IMPACT ASSESSMENT

Yes, please see detail belowQUALITY AND SAFETY IMPLICATIONS/IMPACT The Plan will complement the delivery of high quality safe

services

Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT The Quality Standards require regular legislative review which

is documented and subject to audit



Yes, please see detail belowWORKFORCE IMPLICATION/IMPACT The establishment of a Quality & Regulatory Team to support

the activity in the plan



3/16 243/284

Fuller,Sophie

06/29/2021 12:39:32

https://gov.wales/socio-economic-duty-overview#:~:text=The%20overall%20aim%20of%20the%20duty%20is%20to%20deliver%20better,that%20those%20taking%20strategic%20decisions:&text=drive%20a%20change%20in%20the,way%20that%20decision%20makers%20operate

TABLE OF CONTENTS

1 Outline .........................................................................................................................................5

2 Background .................................................................................................................................5

2.1 Delivering High Quality Digital Services. .............................................................................7

3 Roles & Objectives ......................................................................................................................8

3.1 Internal Audit Schedule to support Standards: ..................................................................11

4 The New Face of Quality & Regulatory Moving Forward ..........................................................12

4.1 Regulatory role ..................................................................................................................12

4.2 How we are going to achieve these:..................................................................................13

4.3 The Quality Role ................................................................................................................14

4.4 How we are going to achieve these:..................................................................................14

5 The Quality and Regulatory Management Governance framework ..........................................15

6 Summary ...................................................................................................................................16

7 Areas for Improvements ............................................................................................................16

4/16 244/284

Fuller,Sophie

06/29/2021 12:39:32

5 | P a g e

1 OutlineThe purpose of this document is to give an overview of the Annual Plan 2021/21 for the Quality and Regulatory function in Digital Health and Care Wales (DHCW). The background describes the legal requirements of Quality and candor in health and Social care and the link to the central thread of the DHCW strategy. It defines the refreshed approach to Quality and Regulation, the plan, and priorities for 2021/22 including the scheduled audit Programme and governance arrangements and finally highlights areas of risk and opportunities for consideration.

2 BackgroundDHCW is required to comply with the duties of quality and candor in the Health and Social Care (Quality and Engagement) (Wales) Act 2020 set out by the Welsh Government. Whilst quality has always featured in the NWIS Organisation DHCW has repositioned quality and regulation as a fundamental contributor to its future strategy. To re-enforce this position, it has as part of the new Organisation established a Quality and Regulation Team reporting to the Finance and Business Assurance Director. Quality is the responsibility of every employee within DHCW however, in defining quality we attempted to qualify this through the application of relevant Internationally recognised Quality Standards. DHCW wants to be at the forefront of regulatory development and compliance which is particularly important in relation to the medical devices.

Previously NWIS and now DHCW has evidenced being a committed Quality organisation by statement through compliance with internationally recognised standards. Through the integrated management system approach, we have also identified what we need to work towards. We have been supported by a number of Quality groups these include: Quality Management Board, Integrated Management Systems Group alongside these have been a number of groups that govern processes including the Wales Informatics Assurance Group, Operational Service Group and Operational Change Group. Moving forward and to support the new Special Health Authority these groups will continue to support but with the added functionality of bringing a higher level of Quality and Regulatory support and visibility via the introduction of the new Audit and Assurance Committee.

5/16 245/284

Fuller,Sophie

06/29/2021 12:39:32

The new Board structure to support Quality and Regulatory is outlined below:

6/16 246/284

Fuller,Sophie

06/29/2021 12:39:32

Our Quality and Regulatory activities relate directly to the following Strategic objective:

2.1 Delivering High Quality Digital Services.

Quality is at the heart of all we do and from the strategic objectives we have identified key International Standards that support quality definition and direction by:

Controls – through the Quality and Regulatory Group and part of the Audit and Assurance Committee.

Planning - Annual Quality and Regulatory Plan and improvements and integrated across the Directorates and supported by the internal audit programme.

Improvements – The organisation has a strong culture of organisational learning and improvement.

As a digital organisation our key assets are our workforce skills and capability are reflected in our practices. We were the first organization in the UK to achieve certification against the BS 76000, the British Standard for Valuing People. This accreditation demonstrates our commitment to people practices that are principled, relevant and developmental. BS76000 is a standard that requires clear understanding of the purpose of and vision for our business, thoughtful execution and a commitment to excellence via continuous learning and development. This standard is all about our staff and developing the organization to be the best it can be, through reflection, recognition, appreciation and improvement of people practices. Achieving the certification has meant that this is now demonstrable to internal, external and prospective stakeholders.

Being confident in the quality of the cyber security is reflected in compliance ISO 27001, Providing the right quality services as part of ISO 20000 and finally, the right support envelops by the adoption of Service Management, environment and management. The service desk quality is underpinned by the work with the Service Desk Institute. All of our standards have been carefully chosen for their applicability to our requirements.

Our internal Quality Framework supports and maintains certification to the following International Standards:

ISO 9001:2008 Quality Management Systems ISO 14001:2004 Environmental Management Systems ISO 20000-1:2011 IT Service Management Systems ISO 27001:2013 Information Security Management Systems BS 76000:2015 Valuing People Standard Service Desk Institute Regulatory focus will develop internal processes, systems and standards to enable

compliance with medical devices and other future regulatory developments.

As part of the plan in 2021/22 we would look and validate the fit with the quality standards and the refresh digital strategy.

7/16 247/284

Fuller,Sophie

06/29/2021 12:39:32

8 | P a g e

It is the intention for DHCW to adopt the principles around the Duty of Quality Health and Social Care (Quality and Engagement) (Wales) Act 2020 which was passed by the Senedd on 17 March 2020 and received Royal Assent in June 2020.

The duty of quality intends to unlock the potential of NHS bodies to demonstrate that quality is at the heart of all they do. It also applies to Welsh Ministers, in relation to their health-related functions.

The new duty requires NHS bodies to exercise their functions with a view to securing improvement in the quality of health services, and outcomes for their populations. Importantly, it applies equally to clinical and non-clinical services.

The duty will focus on the 6 domains of quality: Safe Effective Person-centered Timely Efficient Equitable

Objectives will be considered with these domains to be productive in driving the organisation forward.

3 Roles & ObjectivesThe Quality and Regulatory statement of requirements for objectives can be split and defined into five main areas of focus for activity and improvements these all support the high-level strategic objective and are defined below:

Ensure that QUALITY MANAGEMENT SYSTEMS support the organisation from a Quality and Regulatory perspective

Ensure MANAGEMENT RESPONSIBILITY and Commitment is Evident throughout the Organisation

Ensure that RESOURCE MANAGEMENT is in place to meet the Organisations Requirements for Quality and Regulatory

Provide Quality and Regulatory support to enable PRODUCT REALISATION

Ensure that robust mechanisms are in place to enable MEASUREMENT, ANALYSIS AND IMPROVEMENT

In order to achieve these requirements a number of activities have been generated and are measurable/ accountable and monitored via a planner board system. The key activities are outlined below to support these:

High level Requirement Activity to support Impacted areaImplementation of Quality strategy to support for the Organisations requirements and systems

QualityQUALITY MANAGEMENT SYSTEMS

Implement an Electronic Quality Management Quality

8/16 248/284

Fuller,Sophie

06/29/2021 12:39:32

9 | P a g e

System (eQMS) which will support the OrganisationDevelop a regulatory and compliance framework to support monitoring and changes in legislation and standards

Regulatory

*Embedding standards and defining External / Internal Audit programme to support to ensure compliance

Regulatory

Management commitment with a clear, defined process where evidence can be obtained efficientlyManagement Review- Ensure a new process is generated in-line with Organisational change and standard requirements

Quality

Quality

MANAGEMENT RESPONSIBILITY

Develop a regulatory and compliance framework to support monitoring and changes in legislation and standards and escalation process to Management

Regulatory

Planning and Objectives captured and resourced Quality RESOURCE MANAGEMENT

New Regulatory governance structure to support organisation

Regulatory

PRODUCT REALISATION Generate a process for supporting end to end product lifecycle and release. Including: Categorization, SubmissionRelease and CE marking all to MDD/MDR

Quality & Regulatory

Working on process for monitoring improvements within planner

Quality

Increased trending, monitoring and trending on QMS

Quality

MEASUREMENT, ANALYSIS AND IMPROVEMENT

New quality portal help locate and evidence Quality

The compliance with the quality standard will be audited during the year on scheduled external audit dates. Each of the standards has a lead and an internal audit Programme to validate adoption. A summary of this Programme for the forthcoming year is scheduled below

External Audit Schedule to support Standards is outlined below:

DHCW Standard Leads Summary of Clauses Covered Schedule

Dates

Quality (ISO9001)

Konrad Kujawinski

Context of the Organisation: Leadership: Planning: Support: Operation: Performance Evaluation:

Continual Improvement

25th February ‘21August ‘21January ‘22

May ‘22

9/16 249/284

Fuller,Sophie

06/29/2021 12:39:32

10 | P a g e

Service Management

(ISO20000)

Rob Ludman/Theresa

Keating

SM Policy and Plan : Document Management and Control : Resource Management : Service

Improvement (PDCA) : Service Transition : Service Reporting and Service Level Management :

Capacity Management : Information Security Management : Service Continuity : Availability :

Incident Management : Service Request Management : Problem Management :

Configuration Management : Change Management : Release & Deployment Management : Budgeting

& Accounting Management : Relationship Management : Supplier Management

24th & 25th June ‘21

November ‘21May ‘22

Information Security

(ISO27001)Andy Shanahan

ISMS Policy and Plan : Organisation of Information Security : Human resource security : Asset

Management : Access Control : Cryptography : Physical and environmental security : Operations

Security : Communications Security : System acquisition, development and maintenance : Supplier relationships : Information security incident management : Information security aspects of business continuity management :

Compliance

November ‘21November ‘22

Valuing People,

Diversity & Inclusion

(BS76000 / 76005)

Vicki Harris

Context of the Organisation: Leadership: Planning: Support: Support mechanisms: Staying

in/continuing the relationship: Getting in/starting the relationship: Operation: Performance

Evaluation: Improvement

19th & 21st October ‘21

Environmental Management

(ISO14001)Michael McGrath

Environmental Strategy : IMS Policy (Inc Environmental Statement) : Environmental

Management SOP : Environmental Aspects Register : Legislation Register : Environmental Objectives

and Targets : Training : Awareness (Control of Contractors) : Communication : Monitoring and

Measuring : Documented Information : Emergency Preparedness and Response : Internal Audit (SHE

Inspections) : Management Review : Non Conformity and Corrective Action (SHE Action

Plans)

19th February ‘21August ‘21January ‘22

May ‘22

Software Development

(DHCW standards)

Geoff Norton

Requirements gathering, analysis and specifications: Planning, estimation, and work item

tracking: Source control: Software design and maintainability: Coding standards: Code reuse:

Observing the 'Definition of Done’: Deployment: Governance of Technologies

To Be Scheduled

Service DeskInstitute

CertificateBryan Thomas

Leadership: Policy and Strategy: People Management: Resources: Processes and

Procedures: Managing Employee Satisfaction: Managing the Customer Experience: Management

Information and Performance Results: Social Responsibility

November ‘21

10/16 250/284

Fuller,Sophie

06/29/2021 12:39:32

11 | P a g e

GAMP Paul Evans Working towards

Infra Tech Assurance Mo Amin

Design: Topology: Current v Future: Management: Documentation: Resources (finance): Resources

(human): Resources (skills and capabilities)Working towards

Digital Economy Act / Trusted Third

Party

Trevor Hughes

DEA Research Code of Practice : DEA Research Code of Practice : DEA Research Code of Practice

policies : Information security policies : Organisation of information security : Human

resource security : Asset management : Access control : Cryptography : Physical and

environmental security : Operations security : Communications security : System acquisition,

development and maintenance : Supplier relationships : Information security incident

management : Information security aspects of business continuity management : Compliance :

Research Governance : Human resource skills and competencies

To Be Scheduled

Medical Device

Directive (ISO13485)

Konrad Kujawinski

Quality Management System: Management Responsibility: Resource Management: Product

Realisation: Measurement, analysis and improvement

Working towards

Information Management

(BS10008)

Darren Reynolds/ Siân Howson

Information Capture: Information in Structured Databases: Version Control: Storage Systems:

Information Transfer: Indexing and Other Metadata: Authenticated Output Procedures:

Identity: Information Retention and Disposition: System Maintenance: Information Management

Testing: Information Stewardship

To Be Scheduled

Business Continuity (ISO22301)

Keith ReevesContext of the Organisation: Leadership: Planning:

Support: Operation: Performance Evaluation: Improvement

Working towards

Digital Accessibility TBC

Organisation maturity assessment: Service Assessment (Management elements): Service

Assessment (Technical against WCAG 2.1)Working towards

Microsoft 365 Compliance TBC

Protect Information: Govern Information: Control Access: Manage Devices: Protect against threats:

Discover and respond: Manage internal risksWorking towards

3.1 Internal Audit Schedule to support Standards:

The Quality and Regulatory group is working on improving our compliance by embedding standards and developing a stronger network of internal auditors developed through training and compliance maintenance. DHCW needs to commit to in excess of 150 internal audits to be compliant with our current standards requirements. These will happen over an 18month cycle. These audits need to be carried out to ensure the strong level of compliance and standards are maintained.

11/16 251/284

Fuller,Sophie

06/29/2021 12:39:32

12 | P a g e

4 The New Face of Quality & Regulatory Moving Forward

DHCW plans to be a Trusted Quality driven organisation and Regulatory leader/advisor. An organisation that is underpinned by internationally recognised quality standards delivered through a defined structure with clear responsibility, ownership and delivery. Moving forward to the SHA, DHCW want to show our commitment to being the pioneers for NHS Wales and be at the forefront of best practice to give confidence to all that we are delivering a high-quality product and service.

DHCW have recognised the need for additional improvements in Quality and to develop their Regulatory strategy. Alongside this it also acknowledges the requirements of the Medicines & Healthcare products Regulatory Authority (MHRA) who announced that software has to be classified as a medical device with submitted evidence needed. It was apparent that the current Quality arrangements would not be sufficient to establish the regime required to meet the regulations and a strategy and structure which will support the organisation moving forward is shown below:

The above covers the main roles needed to support the Regulatory and Quality side of the Organisation. Below is a definition of the expectations of those areas for delivery purposes:

4.1 Regulatory role

The software, applications, data and ICT we provide are now, or will be, subject to multiple regulations for ensuring quality, safety and efficacy. The regulatory role in an organisation is responsible for

12/16 252/284

Fuller,Sophie

06/29/2021 12:39:32

13 | P a g e

understanding which regulations impact products and services, ensuring compliance and maintaining all records, documents and artefacts that are required to evidence compliance.

The essential aspects of the role for DHCW are:

To horizon scan and ensure DHCW is at the forefront of relevant legislation, guidelines and best practice.

To fully understand all services in the DHCW portfolio and that are subject to regulations and require governance (not only Medical Devices).

Provide assurance that all relevant portfolio services comply with current regulations. Advise on the legal restraints and requirements, and collect, collate, and evaluate the

changes to regulations whilst monitoring the use and identifying issues associated with relevant portfolio products.

Review data that may impact on Digital. Formulate regulatory strategy for all appropriate and relevant mandated regulatory

submissions to regulatory bodies. Determine the standard of evidence required in the form of documents, artefacts and

records (Design History File (DHF)) for submission to the regulator. Coordinate, prepare and review the appropriate DHF and submit them to regulatory

authorities. Oversee the change control of the software lifecycle for compliance to standards and the

submissions. Maintain the register of and manage the progress of submissions. Develop and maintain a good working relationship with the regulators and respond to their

queries in a timely fashion. Develop and deliver training on current regulatory requirements. Manage audit and compliance reports, regulatory and partner inspections and manage any

subsequent corrective actions.

4.2 How we are going to achieve these:

Fundamental to this is getting the right resource and responsibilities clear and allocated. Timeline: Q1

Developing a regulatory and compliance framework to support monitoring and changes in legislation and standards with a process where this is reviewed and any changes driven into the organisation.Timeline: Q1

Working on improving our compliance by embedding standards and defining External / Internal Audit programme to support to organisational needs. Timeline: Q1/Q2

Generate a process for supporting end to end product lifecycle and release. Including: Categorisation, Submission, Release and CE marking all to MDD/MDR Having a defined structure and process for capturing all the activity in place including a Design history file and being able to release software in a safer, more efficient compliant way. Timeline: Q4

New Regulatory governance structure to support organisation by working with standard leads as an interface to improve communication and compliance. Timeline: Q1

13/16 253/284

Fuller,Sophie

06/29/2021 12:39:32

14 | P a g e

4.3 The Quality Role

The role of Quality in DHCW should involve the act of management and overseeing different activities and tasks to ensure that products and services offered, as well as the means used to provide them, are consistent. It helps to achieve and maintain a desired level of output and control.

Quality consists of three key components:

Quality Planning – The process of identifying the quality standards for the product or service and deciding how to meet them.

Quality Improvement – The purposeful change of a process to improve the confidence or reliability of the outcome.

Quality Control – The continuing effort to uphold a process’s integrity and reliability in achieving an outcome.

The aim of quality management is to ensure resources integrate and work together to improve DHCW’s processes, products, services, and culture to achieve the long-term success that lead to stakeholder satisfaction.

The process of quality management involves a collection of guidelines that are developed by a team to ensure that the products and services that they produce are of the right standards or fit for a specified purpose.

4.4 How we are going to achieve these:

There are a number of improvements around quality and will be supported by the growth of the quality team these will enable us to strengthen our Quality Management Systems and have a more robust working environment by:

Implement an Electronic Quality Management System (eQMS) which will support the Organisation. This will have major benefits and impact on the organisation. The roll out of this is happening and on-boarding of departments is underway. The system starts with documentation module implementation and then rolling out all other aspects of the management system in module order. All managed and coordinated by a central team. Timeline: Q1 (module dependency)

Increased analysis, monitoring and trending on QMS with improvement projects as a result of root cause analysis. Timeline: Q1 Define Q3 Feedback

New quality and regulatory portal help improve the visibility of quality in the organisation and make information easier to locate. Timeline: Q1

Defining a process for monitoring improvements within planner. Timeline: Q1/Q2

14/16 254/284

Fuller,Sophie

06/29/2021 12:39:32

15 | P a g e

Working with requirements of standard and Executives to define a clearer model for measurements and dashboard reporting. Timeline: Q2

Key activities and developments on an annual Plan and in planning tools to track and trace. Timeline: Q1

5 The Quality and Regulatory Management Governance framework

The Governance and reporting of progress are reported via the Quality and Regulatory Group. The Quality and Regulatory compliance will be integrated into each Directorate internally through a number of processes. This reporting feeds into the Audit and Assurance Committee for governance and into the Management Board for operational performance. Both of these then feed into the DHCW Board. Contributing to the function of the Quality and Regulatory group are three main areas. The Integrated Management Systems group which hosts the standard leads and implementation. The Welsh Informatics Assurance Group (WIAG) which gives assurance on product conformance and the Medical Devices Action Group which looks at implementation of the new directive. Completion of the quality actions will be reviewed at the monthly Quality and Regulatory Meeting and escalations and outcomes will be fed into the Performance report to the management committee and ultimately the Board.

15/16 255/284

Fuller,Sophie

06/29/2021 12:39:32

16 | P a g e

6 Summary

DHCW will be a source of quality management and regulatory compliance guidance to ensure that digital solutions and services used across the Health and Care Sector in Wales are of the necessary regulatory quality in order to provide safety for patients and professionals, ensuring patient information is treated with the appropriate governance. DHCW will build on existing expertise supporting and advising regulatory quality and governance arrangements to digital solutions and services across the Health and Care sector in Wales. It will:

Support the continual improvement, monitoring and evaluation of the quality, information assurance and information governance arrangements in digital Health and Care services across Wales.

Provide advice and support services in terms of interpretation and application of digital services guidance, policies and standards.

Quality assure the processes adopted within NHS organizations in relation to quality, assurance and governance arrangements in digital solutions, when requested by Welsh Government or Health Bodies.

Work with individual NHS organizations to ensure that quality, assurance and governance arrangements are clearly articulated in IMTPs, when requested by Welsh Government or Health Bodies.

Ensure that digital services deployed and developed by DHCW meet the minimum standards for strategic, architectural and technical fit, as set by the CDO.

Ensure regulatory compliance and patient safety of digital Health and Care services hosted, deployed and developed by DHCW by working with regulators, the CDO and their relevant officials.

The new structure that supports all of the above it will bring harmonization of approach to quality management and compliance across all the DHCW. This will ensure that all integration and software release is monitored, and all their required standards are being maintained centrally.

7 Areas for Improvements

The following are areas identified during the development of the plan which are potential improvement areas:

Internal audit programme support – To further strengthen our internal audit programme with improved numbers of trained auditors against a revised streamlined internal audit schedule.

Recruitment to key positions – Work alongside the DHCW workforce task force to add pace and recruit the most competent skillset for the specialised roles.

Regulation identification – DHCW intends to define its regulatory position and to horizon scan and ensure DHCW is at the forefront of relevant legislation, guidelines, and best practice.

Quality integration and adoption – The importance and priority of quality as part of the new organisational culture and to create and promote a quality culture.

16/16 256/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.8





N/A

Executive Sponsor Claire Osmundsen-Little, Executive Finance Director

Prepared By Konrad Kujawinski, Head of Quality and Regulation

Presented By Konrad Kujawinski, Head of Quality and Regulation


Recommendation

The Committee is being asked to:Note the content of this report.

DIGITAL HEALTH AND CARE WALESQUALITY AND REGULATORY UPDATE REPORT

1/5 257/284

Fuller,Sophie

06/29/2021 12:39:32

Quality and Regulatory Update Report Page 2 of 5 Author: Konrad Kujawinski


Acronyms

DHCW Digital Health and Care Wales QIAL Quality Improvement Action ListKPI Key Performance Indicators ISO International Organization for

StandardisationeQMS electronic Quality Management

SystemLR Lloyd Register

NWIS NHS Wales Informatics Service IMS Integrated Management Systems

1 SITUATION

1. There were no external International Organisation for Standardisation (ISO) quality audits in the month of April or May and no notable changes in regulation. The Monthly Quality and Regulation meeting was held on 2nd June and observations / risks noted below. The next meetings of the Quality and Regulatory Group meeting is scheduled for 7th July.

2. The Quality and Regulatory Team is now live with all but one position filled and progress and work in line with the plan and objectives is on track. This team will increase the visibility of Quality and Regulatory across the organisation and strengthen compliance with a view to meeting the requirements of the Medical Device Directive.

3. The certifications are being updated in conjunction with the Lloyd Register (LR) and there will be subsequently a change audit planned for later in the year.

4. The roll out and on-boarding of the electronic Quality Management System (eQMS) known as the iPassport is underway with the focus on document module and developing particular key modules within the system and bringing the departments online on a needs basis.


2.1 Following recent audits; ISO 14001 Environmental Standard and ISO 9001 Quality Management System Standard and 9001 Quality Management. The Auditor identified 1 major and 3 minor non-conformities and work is now progressing on all of these.

2.2 Internal audits compliance has not been a strength across all the standards, impacted by the additional significant Covid-19 related activities in key areas. As a result of this and in-line with the new Quality and Regulatory structure we have recruited a specialist resource to come and support the organisation in developing, training and roll out of internal audit programme. This resource has now been interviewed and offer in place with a view to establishing a start date by the end of July. Work has already started on defining a compliant schedule that will cover all

2/5 258/284

Fuller,Sophie

06/29/2021 12:39:32



aspects of all the standards we maintain. Some internal audits have been undertaken across the organisation.

2.3 Evidence of the review of the legislation register is now under way with review at the IMS group and Quality and Regulatory Group meetings. The formal procedure and review of the content and structure of the register is now being developed.

External audit planned in June (25th/26th) - when ISO 20000 Service management is planned an upgrade from 2011 to 2018. Currently preparations are underway and work planned.

Due to the change in organisation name from NWIS to DHCW there is an additional audit required to confirm the change. The dates are awaiting confirmation.

All the outstanding audit actions will be inputted into the Quality Improvements Action Log and their progress is tracked through the performance reporting that is reviewed in the Quality and Regulatory Group.

Quality and Regulatory Group met in the month had focus on audit outcomes and formulating of annual plans for the forthcoming year. The meeting highlighted the importance of setting clear line of sight between the quality standards, internal audits, and the audit programme within the local directorate meetings. There was also a review of the key quality metrics and performance. There was a legislation register format update.

2.4 Quality Improvement Action List (QIAL) figures have improved over the last 2 months from 204 open to 128 with 147 overdue items now reduced to 95. The new team are working with individuals to improve this further. Integrated Management Systems (IMS) document reviews noted a decrease in reviews from 96% to 84% (this was flagged at the Quality and regulatory group and efforts now mean it is back to 93%) and working with areas to ensure these documents are completed.

2.5 There is a new Quality Portal that is set out to improve awareness within the organisation line with the new structure and supporting visibility.


In summary:

3.1 The Quality and Regulatory Group KPIs will target a standard and directorate view of quality compliance, focus will be on integrating the plans as part of the directorate Annual Plans.

3/5 259/284

Fuller,Sophie

06/29/2021 12:39:32



Further development of metrics will be developed in line with organisational performance reporting.

3.2 The importance of good document management practices and the strengthening of the quality management systems is underway with the onboarding of departments to iPassport. Moving forward this will be part of the annual plan process.

3.3 Improved Compliance and commitment to the internal and external audit programme with a view to becoming more aware of impact of regulatory in the organisation.

3.4 In the month of June the ISO20000 audit is scheduled and there will be the need for a change audit.

3.5 In July the focus will be to start the implementation of iPassport tool and continued focus on closing out QIAL/IMS actions and considerations of any outcomes from the ISO 20,000 Audit.

4 RECOMMENDATION

4.1 The Audit and Assurance Committee as ask to:Note the content of the report.

5 IMPACT ASSESSMENT

WELL-BEING OF FUTURE GENERATIONS ACT A globally responsible Wales


DHCW QUALITY STANDARDS Choose an item.

If more than one standard applies, please list below: All standards are reflected





CORPORATE RISK (ref if appropriate) N/A

4/5 260/284

Fuller,Sophie

06/29/2021 12:39:32





IMPACT ASSESSMENT

Yes, please see detail belowQUALITY AND SAFETY IMPLICATIONS/IMPACT Ref section 2.2 Impact of internal audits









5/5 261/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.9





N/A

Executive SponsorCarwyn Lloyd-Jones, Director of Information Communication Technology / Chris Darling, Board Secretary

Prepared By Sophie Fuller, Corporate Governance and Assurance Manager

Presented By Sophie Fuller, Corporate Governance and Assurance Manager

Purpose of the Report For Discussion/Review

Recommendation

The Committee is being asked to:Note the content of the update.

DIGITAL HEALTH AND CARE WALESWELSH LANGUAGE SCHEME UPDATE REPORT

1/4 262/284

Fuller,Sophie

06/29/2021 12:39:32


Approver: Carwyn Lloyd-JonesINTERNAL – IF PRINTED THIS BECOMES AN UNCONTROLLED COPY

Acronyms

DHCW Digital Health and Care Wales WLCO Welsh Language Commissioners OfficeSHA Special Health Authority NWIS NHS Wales Informatics Service


1.1 Until the 31st March 2021 Digital Health and Care Wales (DHCW) were operating as NHS Wales Informatics Service (NWIS) hosted by Velindre University Trust and were adhering to the Welsh Language Standards issued to Velindre.

1.2 On the 1st April 2021 the DHCW Special Health Authority was formed. Special Health Authorities are not currently named under the 2011 Welsh Language Measures, however DHCW wish to continue to maintain compliance with these Standards by creating a dedicated Welsh Language Scheme ‘Scheme’.

1.3 The initial draft of the DHCW Welsh Language Scheme has been completed, the ‘Scheme’ sets out how Digital Health and Care Wales will give effect to the principles established by the Welsh Language Act 1993 that, in the conduct of the public businesses the English and Welsh language should be treated on a basis of equality.


2.1 The main points of the ‘Scheme’ will include DHCW’s approach to Welsh Language in relation to:

Public communication, Corporate Identity and public face Operating the Scheme including Service/System Design Implementing and Monitoring Publicising the Scheme Complaints and comments

2.2 Included in Appendix A (item 4.9i) is a timeline for the drafting and consultation of the ‘Scheme’ for DHCW. This also includes the appointment of a Welsh Language Scheme Manager

2/4 263/284

Fuller,Sophie

06/29/2021 12:39:32



to ensure dedicated resource is in place to implement and monitor the ‘Scheme’ and provide advice and support to the organisation.

2.3 The draft ‘Scheme’ will be shared internally to the Welsh Language Group and DHCW Board members for comments ahead of the final draft being published for public consultation.

2.4 The public consultation will last for 12 weeks, planned to be from the 2nd August to the 25th October and will provide both internal and external stakeholder the opportunity to feed back on the ‘Scheme’. DHCW will proactively consult with the following stakeholders:

Welsh Language Commissioners Office (External) Welsh Language Group (Internal) Audit and Assurance Committee (Internal) DHCW SHA Board (Internal)

The list of stakeholders is currently being benchmarked with Health Education and Improvement Wales (HEIW) and advice has been sought from the Welsh Language Commissioners office to aid this exercise.


3.1 There is currently no Welsh Language Officer within DHCW, however a job description is in for consistency matching with a view to recruit to this post as soon as possible to support the implementation of the DHCW Welsh Language ‘Scheme’.

4 RECOMMENDATIONThe Committee is being asked to:Note the content of the update, including the timeline for developing the ‘Scheme’ (as set out in item 4.10i).

5 IMPACT ASSESSMENT

WELL-BEING OF FUTURE GENERATIONS ACT A Wales of vibrant culture and thriving Welsh language




3/4 264/284

Fuller,Sophie

06/29/2021 12:39:32





HEALTH CARE STANDARD Individual Care

If more than one standard applies, please list below:Dignified Care


No, (detail included below as to reasoning) Outcome:Statement: The Welsh Language Scheme will Equality Impact Assessed as part of the process.

APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMECarwyn Lloyd Jones 21.06.2021 Approved

IMPACT ASSESSMENT



Yes, please see detail belowLEGAL IMPLICATIONS/IMPACT Should the activities within the scheme not be appropriately

followed, there is a potential for legal action.

Yes, please see detail belowFINANCIAL IMPLICATION/IMPACT Should the activities within the scheme not be appropriately

followed, there is a potential for financial action.

Yes, please see detail belowWORKFORCE IMPLICATION/IMPACT Elements of the scheme will include expectations of members

of staff and more specifically managers.



4/4 265/284

Fuller,Sophie

06/29/2021 12:39:32


1 Digital Health and Care Wales

Welsh Language Lead to review action plan for

scheme implementation and monitoring

Draft Scheme Consultation W

ELSH

LA

NGU

AGE

SCHE

ME

WL

LEAD

RE

CRU

ITM

ENT

2021 2022Jun Jul Aug Sept Oct Nov Dec Jan Feb

Scheme finalised

Consultation

Board sign off

Consistency Checking Begin

recruitmentIdeal start date

Implementation and monitoring

Draft Scheme finalised

In progress

Planned activity

CompleteItem 4.9i Appendix A – Welsh Language Scheme Timeline Plan

1/1 266/284

Fuller,Sophie

06/29/2021 12:39:32



Agenda Item

4.10





N/A


Prepared By Alex Percival, Principal Project Manager

Presented By Michelle Sell, Chief Operating Officer


Recommendation

The Audit and Assurance Committee is being asked to:NOTE the report in Appendix A following approval by the DHCW Management Board and ahead of submission to the SHA Programme Board.

DIGITAL HEALTH AND CARE WALESSHA TRANSITION PROJECT CLOSURE COVER

REPORT

1/4 267/284

Fuller,Sophie

06/29/2021 12:39:32

SHA Transition Project Closure Report Page 2 of 4 Author: Alex Percival


Acronyms

SHA Special Health Authority DHCW Digital Health and Care WalesNWIS National Health Service Wales

Informatics ServiceVUNHST Velindre University National Health

Service TrustOD Organisational Development WG Welsh Government

1. SITUATION/BACKGROUND

1.1 In order to take forward the establishment of the new Digital Special Health Authority known as Digital Health and Care Wales (DHCW), a Programme Board was set up chaired by Andrew Goodall, Chief Executive of NHS Wales with three constituent projects. One of these projects, known as the Transition Project, was led by the NHS Wales Informatics Service (now DHCW). Following the launch of Digital Health and Care Wales on 1st April 2021, the SHA Transition Project can now be closed. A Project Closure Report (Appendix A) has been completed and approved by the DHCW Management Board and is included for the Audit and Assurance Committee to note prior to being submitted to the SHA Programme Board as part of the overall closure activity for the Programme.

1.2 The Project has performed well and has achieved all the milestones required to enable the successful transition of staff and services from NWIS to DHCW. The Transition Task and Finish Group held a ‘lessons learned’ review session to reflect on the performance of the Project and these have also been included in the report.

2. SPECIFIC MATTERS FOR CONSIDERATION BY THIS MEETING (ASSESSMENT)

2.1 The Report provides detail on the performance of the Project as well as a management plan for outstanding actions. While the Project had achieved all of the high-level milestones required for the transition, there are a number of residual tasks that will be taken forward by teams and departments within DHCW for completion in the first few months of DHCW operation. These actions are formally noted in the report and provide a description on how they will be managed following the closure of the Project.

3. KEY RISKS/MATTERS FOR ESCALATION TO BOARD/COMMITTEE

3.1 A risk register relating to the transition was maintained on DATIX and while the vast majority of these have been closed, two risks associated with the transfer remain open and on the corporate risk register. The report provides details of these risks (relating to information governance and data sharing) and the action management plan in the Report sets out how work will be taken forward by the risk handlers to manage these risks following closure of the

2/4 268/284

Fuller,Sophie

06/29/2021 12:39:32



project. Please note that the other two risks identified in the closure report (ID 15987 and 15785, relating to funding and resources) have now been addressed and closed.

4. RECOMMENDATIONThe Audit and Assurance Committee is being asked to:NOTE the report in Appendix A following approval by the DHCW Management Board and ahead of submission to the SHA Programme Board.

5. IMPACT ASSESSMENT











APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this paper prior to this meeting COMMITTEE OR GROUP DATE OUTCOMEWeekly Directors 10/05/2021 Document AgreedDHCW Management Board 20/05/2021 Approved

IMPACT ASSESSMENT

3/4 269/284

Fuller,Sophie

06/29/2021 12:39:32













4/4 270/284

Fuller,Sophie

06/29/2021 12:39:32


Document author: Alex Percival, SHA Project Manager

Approved by Michelle Sell, Chief Operating Officer

Date approved: 10/05/2021

Review date: N/A



Document Version 1.0

Status Approved

DIGITAL HEALTH AND CARE WALESSHA TRANSITION PROJECT CLOSURE REPORT

1/14 271/284

Fuller,Sophie

06/29/2021 12:39:32

2

WELL-BEING OF FUTURE GENERATIONS ACT Choose an item.




HEALTH CARE STANDARD N/A



Choose an item. Outcome:Statement:

STRATEGIC OBJECTIVE Development of the new digital organisation

APPROVAL/SCRUTINY ROUTE: Person/Committee/Group who have received or considered this

COMMITTEE OR GROUP DATE OUTCOMEWeekly Directors 10/05/2021 Document AgreedDHCW Management Board 20/05/2021 Final Approval

IMPACT ASSESSMENT





FINANCIAL No, there are no specific financial implication related to the activity outlined in this report

2/14 272/284

Fuller,Sophie

06/29/2021 12:39:32

3

IMPLICATION/IMPACT





3/14 273/284

Fuller,Sophie

06/29/2021 12:39:32

https://gov.wales/socio-economic-duty-overview#:~:text=The%20overall%20aim%20of%20the%20duty%20is%20to%20deliver%20better,that%20those%20taking%20strategic%20decisions:&text=drive%20a%20change%20in%20the,way%20that%20decision%20makers%20operate

4

TABLE OF CONTENTS

1 DOCUMENT HISTORY...............................................................................................................5

1.1 REVISION HISTORY...........................................................................................................5

1.2 REVIEWERS .......................................................................................................................5

1.3 AUTHORISATION ...............................................................................................................5

1.4 DOCUMENT LOCATION.....................................................................................................5

2 PURPOSE ...................................................................................................................................6

3 BACKGROUND...........................................................................................................................6

4 REASON FOR CLOSING THE PROJECT..................................................................................7

5 PROJECT PERFORMANCE.......................................................................................................7

5.1 Against Objectives ...............................................................................................................7

5.2 Against Costs.......................................................................................................................8

5.3 Against Timescales..............................................................................................................8

6 CLOSURE ACTIVITIES...............................................................................................................8

6.1 Project Staff .........................................................................................................................8

6.2 Outstanding Action Management ........................................................................................8

6.3 Issue / Risk Management ....................................................................................................9

6.4 Financial Management ........................................................................................................9

6.5 Asset Management............................................................................................................10

6.6 Records Management .......................................................................................................10

6.7 Post Project Responsibilities .............................................................................................10

7 LESSONS LEARNED AND RECOMMENDATIONS.................................................................10

8 APPENDIX A – UPDATED MILESTONE PLAN........................................................................11

9 APPENDIX B – FINAL PROJECT RISK LOG ...........................................................................13

4/14 274/284

Fuller,Sophie

06/29/2021 12:39:32

5

1 DOCUMENT HISTORY

1.1 REVISION HISTORY

Date Version Author Revision Summary

16/04/2021 d0.1 Alex Percival Creation of document

05/05/2021 d0.2 Alex Percival Updates following initial review from Project Team

10/05/2021 d0.3 Alex Percival Updates following review by DHCW Directors

1.2 REVIEWERS

This document requires the following reviews:

Date Version Name Position

30/05/2021 d0.1 Michelle Sell Chief Operating Officer

10/05/2021 d0.2 Claire Osmundsen-Little Director of Finance

1.3 AUTHORISATION

Signing of this document indicates acceptance of its contents.

Author’s Name: Alex Percival

Role: Principal Project Manager – SHA Programme

Signature:

e:

Approver’s Name: Michelle Sell

Role: Chief Operating Officer

Signature:

t e:

1.4 DOCUMENT LOCATION

Type Location

Electronic

Invalid signature

X A.PercivalAuthor

Signed by: Alex Percival (al165475)

Invalid signature

X Michelle SellApprover

Signed by: Michelle Sell (MI000317)

5/14 275/284

Fuller,Sophie

06/29/2021 12:39:32

6

2 PURPOSEThis Project Closure report documents the closure activities for the SHA Transition Project, following the launch of Digital Health and Care Wales (DHCW) on 1 April 2021. It provides an overview of the completion activity for the Project and provides assurance for DHCW that activities associated with the project have either been closed or handed over to business as usual operations.

3 BACKGROUNDOn the 30th September 2019 the Minister for Health and Social Services, Vaughan Gething, announced that the NHS Wales Informatics Service (NWIS) would transition from its current structure, as part of Velindre University NHS Trust (VUNHST), to a new Special Health Authority.

A formal Programme Board was established through Welsh Government, with Andrew Goodall, Chief Executive NHS Wales, acting as the Programme’s SRO. The Programme Board is responsible for overseeing the transition and monitoring the progress of the Programme’s three constituent projects, which are as follows:

Establishment Project – Led by Ifan Evans, Director – Technology, Digital and Transformation, Welsh Government (WG), this Project was responsible for the establishment of the Special Health Authority including the creation of legislation and the appointment of a Chair and Board for the organisation.

Velindre Transfer of Accountabilities Project – Led by Steve Ham, Chief Executive of Velindre University NHS Trust (VUNHST), this Project was responsible for ensuring that staff, assets and liabilities relating to NWIS were effectively transferred out of Velindre and into the new SHA. The Project was also responsible for ensuring that the appropriate, legal, financial and governance processes were in place for continuity within VUNHST.

NWIS Transition Project – This project led by Michelle Sell, Chief Operating Officer, was responsible for delivering activity relating to NWIS’ transition into the SHA, and the readiness of the new organisation to operate effectively, this included the establishment of internal governance processes, financial management, staff engagement and communications.

To achieve the objectives of the NWIS Transition Project, a Task and Finish Group was established with the leads of eight workstreams responsible for delivering key activity to achieve the go-live of the organisation. The Project workstreams and a brief Summary of their responsibilities are listed in the table below.

Workstream Name Summary of ResponsibilitiesCommercial Services To establish robust mechanisms for the novation of all contracts and commercial

agreements held by VUNHST on NWIS behalf to the new SHA are put in place and that the transfer is executed effectively.

Communications and Engagement

To manage internal and external communications, to raise awareness and ensure staff and stakeholders are informed

Finance To ensure appropriate funding, financial systems and services, opening financial balances, reporting and controls are in place to support the transition from a hosted body to a new Special Health Authority

Governance To ensure appropriate governance arrangements are in place to support the transition from a hosted body to a new Special Health Authority


To consider the actions required to ensure the new SHA has the appropriate mandates and agreements to continue to process information in line with Data

6/14 276/284

Fuller,Sophie

06/29/2021 12:39:32

7

Protection and other associated legislationReporting To ensure that the new Digital SHA has the appropriate mechanisms for providing

internal and external reports on the organisation’s activitiesSoftware Development

To ensure that Application Screens and Websites for services run by NWIS are updated with the New SHA Name and Logo

Workforce and Organisational Development

To ensure an effective and smooth transition of staff and workforce services and systems from the hosted body into the new Digital Special Health Authority.

On 27th March 2020, Welsh Government wrote to the Programme Board and NWIS Directors to confirm that their work on the Transition Programme had been paused due to COVID-19 prioritisation and that it was likely that the planned 1st October 2020 go-live would no longer be achievable. Following correspondence with Andrew Goodall and the Welsh Government’s Digital Team, a letter from Andrew Goodall was issued on 8th June 2020 to Programme Board members to confirm that Welsh Government activities on the Programme would be restarting, with a revised go-live date of 1st April 2021.

4 REASON FOR CLOSING THE PROJECTThe SHA Transition Project has successfully delivered the key milestones to ensure the launch of the Digital Health and Care Wales took place on 1st April 2021 and that the organisation can now function as a Special Health Authority. As such, the Project can now be closed, and any outstanding actions related to the transition should be handed over for completion through Business as Usual activity.

5 PROJECT PERFORMANCE

5.1 Against ObjectivesThe table below lists the objectives for the project that were set out in the Project Initiation Document and provides comment on the achievement of each of these. Appendix A contains the updated Milestone Plan, which provides details of the key activities completed through the Project lifecycle.

Objective Status CommentTo support the Programme Board in establishing a new Special Health Authority under the National Health Service (Wales) Act 2006

Complete Digital Health and Care Wales was established in two tranches of legislation. The first was the Establishment Order, this became law on 30th December 2020. The Transfer Order came into force on 1st April 2021 and effectively transferred all NWIS staff, property, liabilities, and assets from VUNHST to DHCW.

Develop and deliver a robust plan to enable NWIS to transition into running as a Special Health Authority from 1st April 2021

Complete A milestone plan and critical path were created and used to track progress up to the 1st April go-live date.

Ensure that the scope and functions of the new SHA are clearly articulated and reflected in the structure and resource requirements

Complete A resource plan was developed to reflect the proposed functions and responsibilities of the organisation and while this activity was completed and reflected in the core allocation of the DHCW budget, there are lessons to learn from this process.

7/14 277/284

Fuller,Sophie

06/29/2021 12:39:32

8

Ensure staff are fully informed, involved and ready for the transition

Complete Staff engagement sessions took place throughout the Project lifecycle and briefings and updates were able to continue despite the disruption caused by the COVID-19 pandemic.

Work collaboratively with stakeholders to build on the solid foundations to inform the future direction of the SHA

Ongoing While collaborative working has featured in the development of the inaugural annual plan for DHCW, this is work that will continue to be taken forward by DHCW on an ongoing basis to inform future direction.

5.2 Against CostsThe Transition Project received £717,782 in funding for the financial year 2020/21. In total the Project spent £601,303, an underspend of £116,479. The reason for the underspend was due to planned appointments not being made and the appointments of the Chair and Board being made later than originally assumed during planning. In addition, the Interim Chair was hosted by Public Health Wales prior to the go-live on 1st April 2021, so funding for that post was arranged directly between WG and Public Health Wales and not through the Transition Project as initially anticipated.

5.3 Against TimescalesThe project achieved the completion of the key Critical Path activities required to ensure the go-live of DHCW on 1st April 2021.

6 CLOSURE ACTIVITIES

The following sub-sections cover the various activities required to close the project.

6.1 Project StaffMost staff involved in the delivery of the Project were performing their Project role and responsibilities in addition to their ordinary duties. The SHA Programme Manager was seconded to Welsh Government from NWIS and will return to a substantive post in DHCW in line with the secondment agreement.

6.2 Outstanding Action ManagementThe final Transition Task and Finish Group meeting identified outstanding actions that will be handed over to business as usual activity, the table below sets out the actions and any associated handover activity.

Action Description Workstream Handover activity Associated DATIX ID

DHCW Branding to be included on future releases of software in line with existing release plans.

Software Development

Branding to be included has been agreed and incorporated into the software release plans of all applicable products. The newly branded products will be rolled out in accordance with agreed release plans and product update windows.

Development and agreement of an SLA between Velindre and DHCW for Workforce support for job evaluation and investigations.

Workforce and OD

An agreement in principle has been made to reflect that DHCW and VUNHST will work collaboratively to share

8/14 278/284

Fuller,Sophie

06/29/2021 12:39:32

9

resources and experience. This will be confirmed formally in a Service Level Agreement.

Recruitment activity to support the Board Secretary and Board Governance Arrangements

Governance Recruitment activity for the board governance arrangements commenced prior to go-live and will continue to be taken forward by the office of the DHCW Board Secretary.

15785

Ongoing work to ensure that DHCW has an appropriate legal basis for data collection, processing, analysis, and dissemination.


The Information Governance Team will continue to work closely with Welsh Government to ensure that DHCW are issued with the required directions to support the legal basis for data collection.

1650416505

Planning of full launch event for DHCW and sign off of organisational communications strategy.

Communications To be taken forward by the Communications team with support and approvals from the DHCW Board.

Migration of organisational risk management system to Datix Cloud.

Governance Interim arrangements to be managed by the Corporate Services team prior to go-live of Datix Cloud in July 2021.

Handling of queries from commercial partners relating to contract novation.

Commercial Services

The Commercial Services team have created a register to track suppliers’ responses to the novation letters. The team will continue to handle queries and log responses from commercial partners with regards to the novation. The signed responses to the novation letters are also shared with VUNHST.

Note – All commercial arrangements were transferred by statutory instrument on 1 April 2021.

6.3 Issue / Risk ManagementMost Risks identified through the Project’s lifecycle have now been closed out. The risks identified in Appendix B have been identified as remaining open and will be managed on Datix in line with DHCW risk management policy.

6.4 Financial ManagementSHA Transition Project finances were provided as revenue funding for the financial year 2020/21, no recurring funding will be made available as part of this Project.

9/14 279/284

Fuller,Sophie

06/29/2021 12:39:32

10

6.5 Asset Management The Digital Health and Care Wales (Transfer of Staff, Property, Rights and Liabilities) Order 2021 made provision for the transfer of NWIS assets from VUNHST to DHCW.The transfer of assets and liabilities will formally take place once the financial statements for the 2020/21 financial year have been through external audit. Transfers of confirmed values will then be actioned prior to the Welsh Government deadline of 30th September 2021.

6.6 Records ManagementDHCW are currently developing a document retention policy and project documentation will be stored in line with this. In the interim, documentation will be stored on the Project’s internal sharepoint site. Key documentation such as the PID, monthly reports and this project closure document will also be shared with the Welsh Government to support any Gateway or post project reviews that may be undertaken by the Programme Board.

6.7 Post Project ResponsibilitiesThe SHA Programme is planning a Gateway Review to assess its performance and that of its constituent Projects. Individuals involved in the delivery of this Project may be required to participate in that review.

7 LESSONS LEARNED AND RECOMMENDATIONSIn anticipation of the formal closure of the Transition Project, the Task and Finish Group met on 14th April 2021 to discuss the lessons learned from the SHA Programme and the workstream’s activities. The discussion focused on three areas, things that went well, things that could have been done differently and any missed opportunities that the project could have delivered on. These have been identified in the table below:

Theme 1 – Things that worked wellThe Group recognised that there was a clear definition of the roles and responsibilities that supported the timely delivery of the project’s activities.The appointment of a single Programme Manager with an oversight of activity across the Programme’s constituent Projects was recognised as an important factor in the delivery of the Programme.Good teamwork and communication across the workstreams played an important part in the delivery of Project activity.Support from senior leadership within NWIS and in Welsh Government helped to drive delivery of the Programme, despite the challenge of the COVID-19 response.Theme 2 – Things that could have been done differentlyThere were several Project areas that were delivered on short timescales. This was in part due to the COVID delay, but an increased awareness and communication of some of the potential reasons for delay could have helped with planning activity in line with the timescales.Appointments of Board members were completed close to the critical path dates, as such there was a limited ‘run-in’ for Board development sessions and associated activity. This contrasted with the approach taken for HEIW, where the Board was in place for shadow running prior to go-live.A colleague in NWSSP was extremely helpful, and critical in the delivery of the ESR transition from Velindre to DHCW. However, there was very little guidance or support from IBM therefore intervention by Service Management may have been beneficial with regards to the relationship and escalation process from DHCW to NWSSP to IBM as a Service.Planning assumptions were that an inaugural Board meeting would not take place until May, in line with the Board cycle of other NHS Wales organisations. There was therefore a lot of resource required in a short space of time to stand up the processes for the first Board meeting on 1st April 2021.Theme 3 – Missed OpportunitiesChanges to policies and procedures were done relatively close to the deadline, had this work started earlier, there may have been more scope for making meaningful changes to the organisation’s policies and procedures. Instead, reviews will be required sooner after go-live.

10/14 280/284

Fuller,Sophie

06/29/2021 12:39:32

11

The creation of an SHA could have been an opportunity to review the full funding model for the new organisation, however, timescales and COVID priorities meant that the funding of DHCW reflected the needs for the Board and governance formation including some legacy issues but excludes functions, capital and Health Board and Trusts SLA funding.Although benchmarking took place where possible to establish resource requirements, some areas were not picked up by the group in the resource planning e.g. emergency planning, and in other areas the resource requirements will become clearer once DHCW has operated as a statutory body for a period of time e.g. Welsh Language translation requirements, once an idea of the volume of Board and Committee papers is better known and understood. Earlier confirmation of the functions and statutory implications of the legislation may have helped to better support the benchmarking activity.The SHA formal Information secondary uses responsibilities from the previous Informatics Services to the new SHA could have been better emphasised as a priority in the setting up of its statutory responsibilities – The complexities were not fully understood up until the last phases of the SHA transition.The SHA responsibilities for the IG Framework, although described in section 6 of the consultation process did not feature in any onwards functions of formal responsibilities of the SHA. Although not critical to its setting up, an opportunity was missed to ensure clarity in this area following the consultation process.

8 APPENDIX A – UPDATED MILESTONE PLANID Objective Owner Description Target DateNA-1

Establishment Project Agreement of name for new SHA 30/04/2020(Complete)

CS-1 Transition Project (Commercial WS)

Contract audit complete 03/08/2020(Complete)

CO-1

Establishment Project Consultation Opens 07/09/2020(Complete)

EN-1

Transition Project (Comms and Engagement WS)

Engagement sessions recommence

05/10/2020(Complete)

EN-2

Transition Project (Comms and Engagement WS)

Engagement Sessions Close 23/10/2020(Complete)

CO-2

Transition Project (All) Formal feedback from NWIS on Consultation

30/10/2020(Completed 13/11/2020)

CO-3

Establishment Project Consultation Closes 30/11/2020(Complete)

AP-1

Establishment Project Appointment of interim SHA Chair for transition

01/12/2020(Completed 16/11/2020)

OR-1

Transition Project(Financial WS)

Creation of Bank Account 07/12/2020(Completed 16/11/2020)

OR-2


Creation of Unique Tax Reference by HMRC


OR-3


Oracle configuration 08/12/2020(Complete)

SI-1 Establishment Project Establishment Order laid 09/12/2020(Complete)

OR-4


Oracle configuration complete (SHA Ledger Built)


WF-1

Transition Project(Workforce WS)

ESR Virtual Private Database (VPD) built


WF-2


TUPE Consultation Commences 04/01/2021(Completed 01/02/2021)

11/14 281/284

Fuller,Sophie

06/29/2021 12:39:32

12

ID Objective Owner Description Target DateCS-2 Transition Project

(Commercial WS)Commercial suppliers notified of Novation via transfer letter

29/01/2021(Completed 01/03/2021)

AP-2

Establishment Project Appointments of SHA Independent Board Members

01/02/2021(Completed 01/03/2021)

AP-3

Transition Project(Workforce and Governance Workstreams)

Initial Board Development commences

01/02/2021(Completed - 17/03/2021)

WF-3


Payroll and ESR set up 26/02/2021(Complete)

WF-4


ESR VPD Populated 01/03/2021(Completed – 25/03/2021)

SI-2 Establishment Workstream Transfer Order laid in Senedd 05/03/2021SS-1 Transition Project

(Governance Workstreams)Specialist Support Arrangement SLA confirmed


SO-1

Transition Project(Governance WS)/Establishment Project

Standing Orders/SFIs Issued 31/03/2021(Complete)

IG-1 Transition Project (IG and Data WS)

Registration of SHA with Information Commissioners Office

01/04/2021(Complete – 01/03/2021)

AP-4

Transition Project(Workforce and Governance Workstreams)

Initial Board Development complete


CS-3 Transition Project(Commercial WS)

Contract Novation to SHA complete

01/04/2021(Completed as part of Transfer Order coming into force)

WF-5


TUPE Complete 01/04/2021(Complete)

OR-5

Transition Project (Finance WS)

Oracle Go-Live 01/04/2021(Complete)

All SHA Go-Live 01/04/2021WF-6


ESR Mass Organisational Change 11/04/2021(Brought forward to 05/04/2021)(Completed – ESR Live 20/04/2021)

12/14 282/284

Fuller,Sophie

06/29/2021 12:39:32

13

9 APPENDIX B – FINAL PROJECT RISK LOGID Description RA Date Controls in place Rating

(current)Risk level (current)

Risk Owner(NWIS)

Approval status

16504 In line with the described functions of Digital Health and Care Wales (DHCW) as laid by

Welsh Government in December 2020 there is a risk that Directions set by Welsh Ministers

will not provide for a sound legal basis for the collection, processing and dissemination of Welsh resident data - Refresh of risk now

closed (NWIS0256)

26/01/2021 Actions set against Welsh Government to

define a set of Directions that will enable DHCW to move forwards on BAU and to provide cover for important functions such

as NDR

12 Significant (Score 8 -

12)

Darren Lloyd Final approval

16505 The is a risk that a national conversation with practitioners and patients will be delayed. In line with the principles of the Well-being of

Future Generations Act (2015) the 'Data Promise' (or other appropriate IG framework) will be significantly curtailed because the legal

basis for the collection, process and dissemination of Welsh resident will not be

properly established via the new Special Health Authority

Stakeholder and data controllers information will not be sufficiently assured that the

proposed controls in place will enable them to meet their own obligations in respect of patient

privacy and confidentiality.For certain use cases when Welsh resident

patient information is required for indirect care uses and research, the COPI 2000 (and as also

defined within s251 of the NHS Act 2006) regulations are set so that an approval body

(which is part of the Health Research Authority)

26/01/2021 WG Policy Leads to establish a timeframe for

the supporting Data Promise


12)

Darren Lloyd Final approval

13/14 283/284

Fuller,Sophie

06/29/2021 12:39:32

14

ID Description RA Date Controls in place Rating (current)

Risk level (current)

Risk Owner(NWIS)

Approval status

gives approval for those proposed uses of data. Wales is not solely responsible for decisions and are reliant on the responses from the Confidentiality Advisory Group in England

The governance model that supports the data promise will need to consider a Wales Policy

position on Welsh resident ability to opt out of very specific uses of identifiable information.

(Refresh of closed risk NWIS 0258)15987 There is a risk that insufficient funding will be

available for Digital Health and Care Wales to discharge its functions effectively.

27/05/2020 Development of clear functions for the new

organisation with corresponding resources.

Extensive engagement with Welsh Government to finalise the financial arrangements for the

new Special Health Authority.


12)

Chief Operating

Officer

Final approval

15785 There is a risk that there will be insufficient skills, expertise and resources to provide

administrative/secretariat support for the new board and committee structures.

16/03/2020 Appointment of the Board Secretary ahead of the new SHA going live.Identify skill shortage within current NWIS

administration establishment.

Identify resources required for Welsh

Government resource request for SHA.

6 Moderate (Score 4 -

6)

Board Secretary

Final approval

14/14 284/284

Fuller,Sophie

06/29/2021 12:39:32

Audit and Assurance Committee - Public Agenda

Documents

Transcript of Audit and Assurance Committee - Public Agenda