NHS Mersey Internal Audit Agency www.miaa.co.uk
Page Spacer
HOME OUR PEOPLE OUR SERVICES OUR LOCATIONS WHAT'S NEW WORKING FOR US CONTACT  
NHS MIAA Page Spacer

IM & T Assurance


Information Risks management

If information is the lifeblood of an organisation it must be protected approrpriately.  But what is appropriate?  To remove risk means can be layers and layers of control which make systems unworkable making processes, and even the organisation as a whole, ineffective.

The key to "appropriateness" lies the fundamental concept of risk assessment and management and while many organisations now have in place robust assurance frameworks and risk registers the absence of information risks is, in many cases, notable.

If an organisation is to truly understand its information risks in needs to focus on business impacts, allowing IM&T staff to talk to the Board in the Board's language. Techno-babble will not result in senior management buy-in, in fact it will have completely the opposite effective.

In an NHS environement, it is not the fact, for example, that systems are down that should considered the as the focal point, it is the impact that this will have on the core activities of the organisation, i.e. the provision of health care. By focusing on the business rather than looking internally within IT it is possible to fully understand the role that IM&T plays in the delivery of care and the impacts that breaches of confidentiality, data inaccuracy or system downtime can have.

How We Can Help

We have worked with any clients to build risk and assurance frameworks, to integrate these with corprorate reporting and to facilitate the identification and assessment of risks and have extensive experience in facilitating risk workshops at which the risks are identified and, using interactive voting technology, assessed.

We have also used best of breed risk assessment tools such as CRAMM to undertake detailed IM&T risk assessments for clients.

From an audit perspective, we have also provided assurances to clients regarding the IM&T risks management arrangements within their organisations, considering processed, identified risks and management plans.

As with all of our services, however, our solutions are tailored to meet the needs of the client.  We would be happy to discuss your needs in this area and to develop a solution to meet them.

For more information please contact us.
© NHSMIAA 2009