Internal Audit Process in eHealth

A case study


  • Jani Ferreira, Lisbon North University Hospital
  • Patrícia Horta, Department of Quality, Reditus SA, Portugal
  • Fátima Geada, Atlantica Instituto Universitario, Portugal



Telehealth, Internal Audit, Quality, Digital Health, healthcare audit



Internal audit operates within the international professional practices established by the Institute of Internal Auditors (IIA). It holds a role independent of the organizational structure and represents the third line of defense in the implemented model of governance, risk management, and internal control. Internal audit provides reasonable assurance regarding the quality of the processes, including reporting to management on internal control and risk management.


Internal control processes and risk management within the scope of the processing of calls and the charging of the outsourcing company. Formulate recommendations for performance improvement within the scope of health policies.


This work was based on international standards for professional practice in internal audit. The COSO ERM risk management methodology (Enterprise Risk Management – Integrating with Strategy and Performance) and the COSO Internal Control – Integrated Framework were also used for the analysis of internal control.


Two risks of an operational nature and internal origin, two risks of a strategic nature related to the market, and three risks of a technological nature were identified.


The recommendations described in the report are based on the relationship between public and health policies, which have gained importance in recent years with the Covid-19 pandemic, since the beginning of 2020, accelerating the digital transition process in Portugal. This has contributed to the widespread dissemination of teleconsultations and to technological development, and has favored paperless prescriptions, meeting the guidelines for EU digitization by 2030.

What is already known on this topic?

The European Commission sees eHealth as a priority and encourages the creation of a global strategy in the countries of the European Union, with the objective of developing the transformation. The Telehealth Contact Center triage system has been optimized with the introduction of Artificial Intelligence in the branching of the algorithms and in the concluding diagnosis.

Main contribution to Evidence-Based Practice

In the current context, with the growing trend toward health digitalization and the market potential of telehealth, the role of internal audit has become indispensable to the success of a company, fostering quality and rigor in decision making. In this way, internal audit is capable of contributing significantly to risk reduction and to the improvement of management quality, which translates into profitable processes for the company.

Implications for healthcare practice

The relationship between the diagnosed risks and the improvement recommendations allowed internal policies to be correlated with public health, which sustains the sector.





10-01-2023 — Updated on 06-02-2023

How to Cite

Ferreira, J., Horta, P., & Geada, F. (2023). Internal Audit Process in eHealth: A case study. International Healthcare Review (online).


