Audit and Assurance

Integrated Healthcare Risk Assessment Questionnaire Development

  • 1.  Integrated Healthcare Risk Assessment Questionnaire Development

    Posted 30 days ago
    Dear Professionals,
    I am in the process of developing next year's Internal Audit Plan for a healthcare (group of hospitals) network and was seeking your insights and knowledge on how to come up with the risk assessment tool (Questionnaire) to help me get top and senior management input on operations and business process risks (existing/emerging). This tool will help in development of the Annual Audit Plan.
    Your insights and field knowledge are greatly appreciated.
    Thank you


    ------------------------------
    Alex Kioko
    Auditor-Financial & I.T/Information Systems
    ------------------------------


  • 2.  RE: Integrated Healthcare Risk Assessment Questionnaire Development

    Online Forum Topic Leader
    Posted 29 days ago
    Hello Alex,

    When you want to do a risk assessment for Health Care, you may need to consider risks to patients, risks to staff and risks to the organisation.  There was an ISACA article some time ago where a COBIT 4 framework-based maturity assessment was presented. This may be helpful to you.  http://www.isaca.org/Knowledge-Center/cobit/Documents/CF-V4-12-COBIT-Maturity-Assessment-and-Continual-e-Health-Governance-Improvement-at-NHS-Fife.pdf

    Cheers!

    Nalin

    ------------------------------
    Nalin Wijetilleke MBA, CISA, CGEIT, FBCI, PMP, CMC
    2019 Online Forum Topic Leader
    Managing Director, ContinuityNZ Ltd.
    ------------------------------



  • 3.  RE: Integrated Healthcare Risk Assessment Questionnaire Development

    Posted 28 days ago
    @Nalin Wijetilleke
    Thank you so much for sharing your great knowledge and reference on the subject. Very insightful!

    ------------------------------
    Alex Kioko
    Auditor-Financial & I.T/Information Systems
    ------------------------------



  • 4.  RE: Integrated Healthcare Risk Assessment Questionnaire Development

    Online Forum Topic Leader
    Posted 28 days ago
    @Alex Kioko,

    See the attached https://www.isaca.org/Journal/archives/2019/Volume-3/Pages/developing-the-it-audit-plan-using-cobit-2019.aspx

    It's not healthcare-specific, but it and some of the references used may be of help.

    Best Regards,

    Ian

    ------------------------------
    Ian Cooke
    Audit & Assurance Topic Leader
    ISACA Journal Columnist
    ------------------------------



  • 5.  RE: Integrated Healthcare Risk Assessment Questionnaire Development

    Posted 27 days ago
    @Ian Cooke
    This is invaluable.
    Thank you


    ------------------------------
    Alex Kioko
    Auditor-Financial & I.T/Information Systems
    ------------------------------



  • 6.  RE: Integrated Healthcare Risk Assessment Questionnaire Development

    Posted 26 days ago
    Edited by Kelly Mack 26 days ago
    Hi Alex,
    I have seen risk assessments developed through spreadsheets to other software tools. I guess my primary question is..... how are they developing and monitoring the enterprise risks? Ideally, you would want to piggyback off this process so it will all merge together. Depending on the location of your healthcare group, US-based or other country, whether you process and/or store credit card information, and depending on whether you are funded by the government, you will have very different risks to your infrastructure.
    Feel free to contact me privately and I can help walk you through some of my lessons learned.
    I totally agree with the focus of the articles listed below. They are more of a how-to-do vs. content needs of the different requirements necessary for the healthcare industry. (Which I am hoping someone at the enterprise level identified as being the top industry for malicious attacks.)
    I think one key factor many security and risk professionals do not understand about the healthcare industry is...... if we mess up, people are at risk, not just data. If ransomware affected your hospital, would the electricity to the life-support system be affected type stuff, which stresses me out on the daily every time I hear of a new threat.

    ------------------------------
    Kelly Mack
    Compliance Analyst: Data Privacy & Product Cybersecurity
    ------------------------------