The Christie Foundation Trust Annual Report and Accounts 2021-22

Annual Governance Statement

Information governance Our data security risks are informed through both internal and external reviews and advice. They are managed through compliance with the data security and protection toolkit which is mandated by NHS Digital. Data security and information governance incidents are managed in accordance with internal procedures and notified to the ICO in the Data Security Incident Reporting Tool where required; for the year 2021–22 the trust reported no data breaches via the reporting tool. Information governance risks are managed as part of the risk management systems and processes and assessed using the data security and protection toolkit. The Trust’s risk register is updated with currently identified information risks including data quality and data security which are reviewed by the Risk and Quality Governance Committee. We are compliant with GDPR legislation which came into effect on 25 th May 2018. Compliance is monitored through our risk management systems and the data security and protection toolkit. In addition, independent assurance is provided as part of the NHS Improvement coding and costing assurance audit process, and the data security and protection toolkit self-assessment review undertaken by internal audit. The Trust’s 2021/22 submission against the data security and protection toolkit was confirmed by internal auditors as ‘Standards met’.

deliver improvements and efficiencies to patient cancer care pathways across the city. My review is also informed by comments made by the external auditors in their management letter and other reports. I have been advised on the implications of the result of my review of the effectiveness of the system of internal control by the board, audit, quality assurance, risk and clinical governance committees and a plan to address weaknesses and ensure continuous improvement of the system is in place. The overall Head of Internal Audit opinion for the period 1 st April 2021 to 31 st March 2022 provides Substantial Assurance; that there is a good system of internal control designed to meet the organisation’s objectives, and that controls are generally being applied consistently. The Trust has examined the assurances provided over key contractual relationships with third party providers upon which the Trust places reliance. NHS Shared Business Services (SBS) provides the Trust’s payroll service and the Trust receives an independent “Service Quality Report” in relation to SBS’s operations. The report provides an unqualified opinion in respect of 10 of the 14 control objectives. An explanation has been provided against the 4 control objectives where qualifications have been identified. The Trust has reviewed the report and the issues identified and assured itself that sufficient mitigations exist that assurance can still be gained from the report.

145