The NHS Operating Framework 2010/2011, through the NHS informatics planning guidance Annex 1 (National expectations) stated that: “An IG audit utilising the centrally provided audit methodology should be included within the work plans of each organisations’ auditors”.
To ensure a common approach to such an audit across the NHS, the Informatics Directorate of the Department of Health commissioned an internal audit assurance framework for IGT self-assessments. The Department asked the Audit Commission to lead on the development, supported by Mersey Internal Audit Agency and South Coast Audit and Consultancy Services.
The internal audit framework comprises:
- A series of audit requirements (matched to the Toolkit requirements): these note the assurance required and the potential sources of evidence across three levels of compliance. They also contain mapping to other parts of the audit framework.
- Evidence review guides: these are generic guides that cover common evidence items such as minutes, strategies, policies, intranet content and job descriptions and are there to support the auditor in reviewing these types of evidence.
- The questions for a staff survey: designed to provide a perspective on the evidence from document review and interviews. The survey should take no longer than 15 minutes to complete.