COI Report – Part II Page 43 of 425 Ivy, its members include all the CEOs and heads of the various public healthcare institutions (“PHIs”) in SingHealth. and its secretariat is the office of the GCIO. The CITC's role is to ensure that IT strategy and investments are aligned with the business strategy and IT architecture of the Cluster, resulting in the effective and efficient use of IT in enabling SingHealth to achieve its goals. Each year, GCIO Benedict, with the assistance of SingHealth PHIs, consolidates the SingHealth cluster IT workplan which will be presented to the CITC (and thereafter the ITC) for approval. An IT workplan would typically include IHiS' direction for implementation of IT initiatives, including IT security initiatives for the financial year. The CITC also meets on a monthly basis to review and endorse SingHealth's Cluster-wide IT projects and initiatives which are presented by IHiS staff and sometimes together with relevant SingHealth staff who provide the user perspective. 12.3 IT security-related risk management 12.3.1 MOHH Audit and Risk Committee (ARC) and Group Internal Audit (“GIA”) 120. MOHH has an Audit and Risk Committee (“ARC”), which is chaired by an MOHH Board member. The MOHH ARC members include the respective Chairmen of the audit committees or audit and risk committees of the three Clusters and IHiS. 121. MOHH’s GIA, which provides internal audit services to the MOHH Group, including the Clusters and IHiS, and helps improve their governance, controls and risk management. The GIA has a specialised IT audit team that conducts IT security audits, led by IT audit head Thng Chiok Meng. The GIA has a direct reporting line to the MOHH ARC, as well as direct reporting lines to the auditor audit and risk committees of the Clusters, IHiS and the Agency for Integrated Care.
