AUDIT REPORT. Service Desk and Problem Management Audit Opinion: Satisfactory. November 14, Report Number: 2014-IT-04
|
|
- Bernadette Small
- 8 years ago
- Views:
Transcription
1 AUDIT REPORT Service Desk and Problem Management Audit Opinion: Satisfactory November 14, 2014 Report Number: 2014-IT-04
2 Table of Contents: Page Executive Summary Background 1 Audit Objectives and Scope 2 Audit Opinion 3 Appendix Definitions 4 Issue Classifications 5 Distribution 7 Audit Performed By 7
3 Executive Summary Background The Information Technology Infrastructure Library (ITIL) is used by IT Management as a guide for the services provided by IT to the organization. ITIL considers the Service Desk to be the central point of contact between service providers and users/customers on a day-to-day basis. It is also a focal point for reporting Incidents (disruptions or potential disruptions in service availability or quality) and for users making Service Requests (routine requests for services). ITIL defines Problem Management as the process responsible for managing the lifecycle of all Problems, which are the cause of one or more incidents. The primary objectives of problem management are to prevent incidents from happening and to minimize the impact of incidents that cannot be prevented. At Citizens, the Problem Management process is integrated with the Incident Management process. Problem management generally continues after the resolution of the immediate incident by identifying the root cause of the problem ( RCA Root Cause Analysis). RCA is the responsibility of the appropriate Subject Matter Experts within IT. If the RCA determines that a change is required, the normal Change Management process is followed. The Technical Support Center (TSC) provides the Service Desk function within Citizens. The TSC provides first level incident recording, tracking, resolution and escalation primarily by phone for Citizens internal and remote users. Over the past year the TSC has made significant strides in stabilizing and improving the functionality of the software ( ServiceDesk ) which supports the operation of the TSC and the TOC. Additional improvements and functionality are planned for Support and administration of the software is handled by the Software Quality Assurance team. A major current initiative is the development and implementation of standard roles based user access management. The TSC has a staff of 23 persons including a Manager, two Supervisors and twenty support staff, six of which are contractors. As shown below, in a typical month the TSC processes over 2,500 tickets of all types and met its Service Level Agreements approximately 90% of the time for all types of tickets. Technical Support Center (TSC) Tickets P a g e 1
4 Executive Summary The Technical Operations Center (TOC) provides 24/7/365 monitoring of Citizens IT Systems and Services and responding to alerts sent by monitoring systems in real-time. In addition to being responsible for monitoring and responding to system related issues, the TOC provides after-hours and weekend initial handling of TSC Incidents. The TOC is currently located in Tallahassee and is in the process of relocating to Jacksonville as part of the overall relocation of IT. The TOC has a staff of 10 persons including a Supervisor and nine operations staff, six of which are contractors. The relocation recently resulted in the resignation of a supervisor and it is expected that two employees will relocate while all of the contractors will be replaced. As shown below, in a typical month the TOC handles 75 incidents, of which Severity 1 is the most severe and highest priority. There were between two and seven Severity 1 incidents per month. Technical Operations Center (TOC) Incidents Audit Objectives and Scope The objective of this audit was to evaluate the adequacy and effectiveness of Service Desk processes for handling incidents and service requests which impact the business users. In addition, the review was geared to assess the transition of incidents to problems, the use of customer feedback, and the use of performance metrics and reporting. Our scope included a review of the following areas: Service Level Agreements Policies, Procedures and Documentation User Access to ServiceDesk Application Service Desk Operations Escalation Procedures P a g e 2
5 Executive Summary Problem Management Customer Feedback Performance Metrics and Reporting Audit Opinion The overall effectiveness of the processes and controls evaluated during the audit is rated as Satisfactory. Our audit of the Service Desk and Problem Management indicated that the TSC and TOC have competent management and technical personnel. In addition, we noted that adequate service is being provided to the organization and that when comments are made in response to customer satisfaction surveys, they are almost always positive. However, our work also identified seven low risk audit issues which are being addressed by management. In addition, three opportunities for process improvement were noted and discussed with management: Service Level Agreements (SLA's) should be formalized and agreed to by the business. They should be readily accessible by the users through the Citizens Portal. Enhanced reporting should be provided to the business and Service Desk performance should be provided on the Citizens Portal. The History section of ticket screen should include the full text of the appended description and the complete text of the technician notes and resolution. The ITIL Continual Service Improvement (CSI) methodology, which includes trend analysis of performance metrics, benchmarking, and comparison of performance to industry standards, should be applied to the Service Desk. We would like to thank management and staff for their cooperation and professional courtesy throughout the course of this audit. P a g e 3
6 Appendix 1 Definitions Audit Ratings Satisfactory: Critical internal control systems are functioning in an acceptable manner. There may be no or very few minor issues, but their number and severity relative to the size and scope of the operation, entity, or process audited indicate minimal concern. Corrective action to address the issues identified, although not serious, remains an area of focus. Needs Improvement: Internal control systems are not functioning in an acceptable manner and the control environment will require some enhancement before it can be considered as fully effective. The number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate some significant areas of weakness. Overall exposure (existing or potential) requires corrective action plan with priority. Unsatisfactory: One or more critical control deficiencies exist which would have a significant adverse effect on loss potential, customer satisfaction or management information. Or the number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate pervasive, systemic, or individually serious weaknesses. As a result the control environment is not considered to be appropriate, or the management of risks reviewed falls outside acceptable parameters, or both. Overall exposure (existing or potential) is unacceptable and requires immediate corrective action plan with highest priority. P a g e 4
7 Appendix 2 Issue Classifications Control Category High Medium Low Financial Controls (Reliability of financial reporting) Operational Controls (Effectiveness and efficiency of operations) Actual or potential financial statement misstatements >USD 5 million Control issue that could have a pervasive impact on control effectiveness in business or financial processes at the business unit level A control issue relating to any fraud committed by any member of senior management or any manager who plays a significant role in the financial reporting process Actual or potential losses >USD 2.5 million Achievement of principal business objectives in jeopardy Customer service failure (e.g., excessive processing backlogs, unit pricing errors, call center non responsiveness for more than a day) impacting 10,000 policyholders or more or negatively impacting a number of key corporate accounts Actual or potential prolonged IT service failure impacts one or more applications and/or one or more business units Actual or potential negative publicity related to an operational control issue An operational control issue relating to any fraud committed by any member of senior management or any manager who plays a significant role in operations Actual or potential financial statement misstatements between USD 2.5 million to 5 million Control issue that could have an important impact on control effectiveness in business or financial processes at the business unit level Actual or potential losses between USD 0.5 to 2.5 million Achievement of principal business objectives may be affected Customer service failure (e.g., processing backlogs, unit pricing errors, call center non responsiveness) impacting 1,000 policyholders to 10,000 or negatively impacting a key corporate account Actual or potential IT service failure impacts more than one application for a short period of time Actual or potential financial statement misstatements below USD 2.5 million Control issue that does not impact on control effectiveness in business or financial processes at the business unit level Actual or potential losses below USD 0.5 million Achievement of principal business objectives not in doubt Customer service failure (e.g., processing backlogs, unit pricing errors, call center non responsiveness) impacting less than 1,000 policyholders Actual or potential IT service failure impacts one application for a short period of time P a g e 5
8 Appendix 2 Control Category High Medium Low Any operational issue leading to death of an employee or customer Any operational issue leading to injury of an employee or customer Compliance Controls (Compliance with applicable laws and regulations) Remediation timeline Actual or potential for public censure, fines or enforcement action (including requirement to take corrective actions) by any regulatory body which could have a significant financial and/or reputational impact on the Group Any risk of loss of license or regulatory approval to do business Areas of non-compliance identified which could ultimately lead to the above outcomes A control issue relating to any fraud committed by any member of senior management which could have an important compliance or regulatory impact Such an issue would be expected to receive immediate attention from senior management, but must not exceed 60 days to remedy. Actual or potential for public censure, fines or enforcement action (including requirement to take corrective action) by any regulatory body Areas of noncompliance identified which could ultimately lead to the above outcomes Such an issue would be expected to receive corrective action from senior management within 1 month, but must be completed within 90 days of final Audit Report date. Actual or potential for non-public action (including routine fines) by any regulatory body Areas of noncompliance identified which could ultimately lead the above outcome Such an issue does not warrant immediate attention but there should be an agreed program for resolution. This would be expected to complete within 3 months, but in every case must not exceed 120 days. P a g e 6
9 Appendix 3 Distribution Addressees Copies Robert Sellers, V.P. - IT Infrastructure and Operations Juan Cocuy, Citizens Audit Committee Chairman Bette Brown, Citizens Audit Committee Member Jim Henderson, Citizens Audit Committee Member Barry Gilway, President/CEO/Executive Director Kelly Booten, Chief - Systems and Operations Curt Overpeck, Chief Information Officer Christine Turner Ashburn, V.P. - Communications, Legislative & External Affairs John Rollins, Chief Risk Officer Dan Sumner, Chief Legal Officer & General Counsel Bruce Meeks, Inspector General Johnson Lambert, LLP (External Auditors) Following Audit Committee Distribution The Honorable Rick Scott, Governor The Honorable Jeff Atwater, Chief Financial Officer The Honorable Pam Bondi, Attorney General The Honorable Adam Putnam, Commissioner of Agriculture The Honorable Andy Gardiner, President of the Senate The Honorable Steve Crisafulli, Speaker of the House of Representatives Audit Performed By Auditor in Charge Audit Director Under the Direction of Gary Sharrock, Senior IT Auditor Karen Wittlinger, Director IT Audit Joe Martins Chief of Internal Audit P a g e 7
AUDIT REPORT. Citizens Insurance Suite Check Printing Audit Opinion: Needs Improvement. June 11, 2015
AUDIT REPORT Citizens Insurance Suite Check Printing Audit Opinion: Needs Improvement June 11, 2015 Citizens Insurance Suite Check Printing Table of Contents: Page Executive Summary Background 1 Objectives
More informationAUDIT REPORT. Cloud Software as a Service (SaaS) Procurement and Governance Audit. June 9, 2016
AUDIT REPORT Cloud Software as a Service (SaaS) Procurement and Governance Audit June 9, 2016 Table of Contents: Page Executive Summary Background 1 Audit Objectives and Scope 1 Management s Assessment
More informationAUDIT REPORT. Corporate Access and Identity Management Project Audit Opinion: Satisfactory. July 31, 2015
AUDIT REPORT Corporate Access and Identity Management Project Audit Opinion: Satisfactory July 31, 2015 Report Number: 2015-IT-02 Corporate Access and Identity Management Project Table of Contents: Page
More informationAUDIT REPORT. Citizens Data Warehouse Audit Opinion: Needs Improvement. Date: June 9, 2014. Report Number: 2014-AUD-IT-01
AUDIT REPORT Citizens Data Warehouse Audit Opinion: Date: June 9, 2014 Report Number: 2014-AUD-IT-01 Report Number: 2014-AUD-IT-01 Citizens Data Warehouse Table of Contents: Page Executive Summary Background
More informationMANAGEMENT ADVISORY SERVICE REPORT
MANAGEMENT ADVISORY SERVICE REPORT 2014 Disaster Recovery Exercise Date: September 8, 2014 Report Number: 2014-MAS-04 Report Number: 2014-MAS-04 Disaster Recovery Exercise Table of Contents: Page Executive
More informationINVESTIGATION REPORT. Secondary Employment Policy Violation. Date: May 23, 2014. Report Number: CPIC 14-03-0002. Report Number: CPIC 14-03-0002
INVESTIGATION REPORT Secondary Employment Policy Violation Date: May 23, 2014 Table of Contents: Page Report Background 1 Allegations 1 Procedures 1 Findings 2 Conclusion 2 Appendix Distribution 3 Audit
More informationAUDIT REPORT. Legal Billing Compliance. July 29, 2015. Report Number: 2015-AUD-09 Legal Billing Compliance
AUDIT REPORT Legal Billing Compliance July 29, 2015 Executive Summary Background In order to thoroughly review and manage legal fee bills received from a large pool of legal firms providing legal services
More informationFORENSIC AUDIT REPORT. Legal Defense Billing Audit Opinion: Unsatisfactory. Date: May 31, 2014. Report Number: 2013-AUD-15
FORENSIC AUDIT REPORT Legal Defense Billing Audit Opinion: Unsatisfactory Date: May 31, 2014 Table of Contents: Page Executive Summary Background 2 Audit Objectives and Scope 3 Audit Procedures 3 Summary
More informationSUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, September 12, 2014
CITIZENS PROPERTY INSURANCE CORPORATION SUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, The Information Systems Advisory Committee (ISAC) of Citizens Property Insurance Corporation
More informationSETTING UP AN ITIL SERVICE DESK BRETTA SLAGLE DOUG AUSTIN
SETTING UP AN ITIL SERVICE DESK BRETTA SLAGLE DOUG AUSTIN AGENDA Introduction Issues with previous processes Why ITIL? What is a Service Desk? Implementing a Service Desk Challenges Critical Success Factors
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationTHE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014
THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014 Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit Plan and the development of the
More informationFLORIDA COMMISSION ON OFFENDER REVIEW (formerly Florida Parole Commission)
FLORIDA COMMISSION ON OFFENDER REVIEW (formerly Florida Parole Commission) TENA M. PATE, Chair BERNARD R. COHEN, SR., Vice-Chair MELINDA N. COONROD, Secretary RICK SCOTT, Governor PAM BONDI, Attorney General
More informationIT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness
AUDITOR GENERAL S REPORT ACTION REQUIRED IT Service Desk Unit Opportunities for Improving Service and Cost-Effectiveness Date: September 18, 2013 To: From: Wards: Audit Committee Auditor General All Reference
More informationAvon & Somerset Police Authority
Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:
More informationREPORT 2016/035 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/035 Audit of the use of consultants and individual contractors in the United Nations Stabilization Mission in Haiti Overall results relating to the effective hiring
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationRisk Management: Coordinated activities to direct and control an organisation with regard to risk.
POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic
More informationPRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions
PRACTICE GUIDE Formulating and Expressing Internal Audit Opinions 2 of 23 Table of Contents 1. Executive Summary... 1 2. Introduction... 2 3. Planning the Expression of an Opinion... 3 3.1 Expressing an
More informationMARKET CONDUCT ASSESSMENT REPORT
MARKET CONDUCT ASSESSMENT REPORT PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) PART 2 RATE VERIFICATION PROCESS Phase 1 (2012) Financial Services Commission of Ontario (FSCO) Market Regulation Branch
More informationHow To Manage Risk At Atb Financial
Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the
More informationAUDIT REPORT. Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit OAS-FS-15-05 December
More informationISO 20000-1:2005 Requirements Summary
Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service
More informationAll other issues are to be submitted via a request ticket utilizing the Web Helpdesk found at https://helpdesk.tbcdsb.on.ca
Information Technology This Information Technology (ITSLA) establishes the overall support levels for IT supported systems and services within the Thunder Bay Catholic District School Board. Goals of Technology
More informationREPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters
INTERNAL AUDIT DIVISION REPORT 2014/001 Audit of information and communications technology help desk operations at United Nations Headquarters Overall results relating to the adequacy and effectiveness
More informationThe ITIL Foundation Examination
The ITIL Foundation Examination Sample Paper A, version 4.1 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. All answers are to be marked on the answer grid provided. 3. You have
More informationBradley University Credit Card Security Incident Response Team (Response Team)
Credit Card Security Incident Response Plan Bradley University has a thorough data security policy 1. To address credit cardholder security, the major card brands (Visa, MasterCard, American Express, Discover
More informationMay 2012 Report No. 12-030
John Keel, CPA State Auditor Incentive Compensation at the Teacher Retirement System, the Employees Retirement System, and the Permanent School Fund Report No. 12-030 Incentive Compensation at the Teacher
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This
More informationSector-leading support and in-depth expert knowledge
servicedesk on demand Comprehensive, expertly-managed support services from Axonex that provide flexible and reliable solutions tailored to meet any of your IT infrastructure requirements or challenges.
More informationUniversity of New England Compliance Management Framework and Procedures
University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system
More informationCharter of the Audit Committee of the Board of Directors
Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company
More informationUniversity Policy on Management of Health, Safety and the Environment
UNIVERSITY OF CALIFORNIA BERKELEY DAVIS IRVINE LOS ANGELES MERCED RIVERSIDE SAN DIEGO SAN FRANCISCO SANTA BARBARA SANTA CRUZ OFFICE OF THE PRESIDENT Robert C. Dynes President 1111 Franklin Street Oakland,
More informationMental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan
Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan Adopted: January 2, 2007 Revised by Board of Directors on September 4, 2007 Revised and Amended
More informationWHS Risk Assessment and Control Form
WHS Risk Assessment and Control Form Step 1: Who has conducted the Risk Assessment Risk Assessment completed by (name): Staff / Student Number: Signature: Date: Step 4: Documentation and initial approval
More informationLegislative Audit Division State of Montana. Criminal Justice Information Network (CJIN)
Legislative Audit Division State of Montana November 2004 Report to the Legislature Information System Audit Criminal Justice Information Network (CJIN) Department of Justice This report contains the results
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft
More informationKPMG LLP Suite 12000 1801 K Street, NW Washington, DC 20006 Independent Auditors Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements
More informationThe Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence
How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................
More informationMarch 2007 Report No. 07-709
John Keel, CPA State Auditor the State s Attorney, Assistant Attorney General, and General Counsel Positions Report No. 07-709 the State s Attorney, Assistant Attorney General, and Positions Overall Conclusion
More informationAudit Plan Update. Percentage of Total Budgeted Hours. Adjusted Budgeted Hours. Actual YTD. Audit & MAS 8,066 8,366 38% 7,085.0 46% 2012 Carry Over
AUDIT COMMITTEE UPDATE DECEMBER 13, 2013 EXECUTIVE SUMMARY Office of the Internal Auditor Update Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit
More informationCOMPLIANCE FRAMEWORK AND REPORTING GUIDELINES
COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:
More informationINDEPENDENT ACCOUNTANTS REPORT ON THE PERFORMANCE AUDIT OF FARMINGTON CASUALTY COMPANY
INDEPENDENT ACCOUNTANTS REPORT ON THE PERFORMANCE AUDIT OF FARMINGTON CASUALTY COMPANY Performed by: Cotton & Company LLP Certified Public Accountants 333 North Fairfax Street, Suite 401 Alexandria, Virginia
More informationITIL: Foundation (Revision 1.6) Course Overview. Course Outline
ITIL: Foundation (Revision 1.6) Course Overview The ITIL Foundation Certification Course introduces the new student to the fundamentals of IT Service Management as described in the IT Infrastructure Library
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION
More informationSickness Reporting Audit Final Report
ITEM 7 APPENDIX B(2) Sickness Reporting Audit Report Michael George Auditor Contact Details 07768 635682 Date of Review November 2013 Draft Report Issued 19 December 2013 Report Issued 14 January 2014
More informationUNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation
Memorandum UNITED STATES COMMISSION ON CIVIL RIGHTS Date: November 15, 2012 To: From: Subject: The Honorable Commissioners Frances Garcia, Inspector General Fiscal Year 2012 Federal Information Security
More informationConfiguration control ensures that any changes to CIs are authorized and implemented in a controlled manner.
ITIL Intermediate Capability Stream: RELEASE CONTROL AND VALIDATION (RCV) CERTIFICATE SCENARIO BOOKLET Scenario One A global company develops its own applications to support the business. The service transition
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationGUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
More informationSenate Bill No. 466 CHAPTER 489
Senate Bill No. 466 CHAPTER 489 An act to amend Sections 2701, 2708, and 2786 of, to add Sections 2718 and 2786.1 to, and to repeal Section 2736.5 of, the Business and Professions Code, relating to nursing.
More informationWhich statement about Emergency Change Advisory Board (ECAB) is CORRECT?
ITIL Foundation mock exam 4 1. Which of the following is NOT a purpose of Service Transition? A) To ensure that a service can be managed, operated and supported B) To provide training and certification
More informationFOLLOW-UP REPORT Change Management Practices
FOLLOW-UP REPORT Change Management Practices May 2016 Office of the Auditor Audit Services Division City and County of Denver Timothy M. O Brien, CPA The Auditor of the City and County of Denver is independently
More informationIBM Tivoli Service Request Manager
Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate
More informationIntroduction. What is ITIL? Automation Centre. Tracker Suite and ITIL
1 Introduction The Information Technology Infrastructure Library (ITIL) aims to improve the management of IT services within the organization, for lowered costs, improved efficiency and productivity. But
More informationApplying ITIL v3 Best Practices
white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version
More informationThe University of Texas Southwestern Medical Center TAC 202 Compliance. Internal Audit Report 15:31
Office of Internal Audit The University of Texas Southwestern Medical Center Internal Audit Report 15:31 October 8, 2015 Executive Summary Background Created in 1977 by the Texas Legislature, the Texas
More informationOFFICE OF INSPECTOR GENERAL
OFFICE OF INSPECTOR GENERAL OIG Risk Assessment and Proposed 2015-2016 Work Plan Ken Detzner Secretary June 22, 2015 John L. Greene Inspector General INTRODUCTION We are pleased to present the results
More informationJohn Keel, CPA State Auditor. An Audit Report on The Division of Workers' Compensation at the Department of Insurance. July 2010 Report No.
John Keel, CPA State Auditor An Audit Report on The Division of Workers' Compensation at the Department of Insurance Report No. 10-035 An Audit Report on The Division of Workers' Compensation at the Department
More informationCisco TelePresence Select Operate and Cisco TelePresence Remote Assistance Service
Cisco TelePresence Select Operate and Cisco TelePresence Remote Assistance Service Cisco TelePresence Select Operate allows customers to make full use of the benefits of the Cisco TelePresence solution,
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Improvements Are Needed to the Information Security Program March 11, 2008 Reference Number: 2008-20-076 This report has cleared the Treasury Inspector
More informationSTATE OF ILLINOIS NORTHERN ILLINOIS UNIVERSITY ALUMNI ASSOCIATION REPORT REQUIRED UNDER GOVERNMENT AUDITING STANDARDS Year Ended June 30, 2008
STATE OF ILLINOIS NORTHERN ILLINOIS UNIVERSITY ALUMNI ASSOCIATION REPORT REQUIRED UNDER GOVERNMENT AUDITING STANDARDS Year Ended June 30, 2008 Performed as Special Assistant Auditors for the Auditor General,
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationFebruary 2015. Audit committee performance evaluation
February 2015 Audit committee performance evaluation Audit committee performance evaluation The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an
More informationDacorum Borough Council Final Internal Audit Report
Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service
More informationInformation Technology Infrastructure Library (ITIL )
Information Technology Infrastructure Library (ITIL ) A Case Study on Incident Management February 8, 2006 Tim Shepich Principal, IT Management Consulting, Nouri Associates Inc. itsmf USA San Diego Local
More informationAuxilion Service Desk as a Service. Service Desk as a Service. Date January 2015. www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1
Title Service Desk as a Service Date January 2015 www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1 1. Disclaimer All information contained in this document is provided in confidence to the
More informationMaster Document Audit Program. Business System Deficiency Report Assignment. Version No. 1.3, dated June 2014 B-1 Planning Considerations
Activity Code 11090 B-1 Planning Considerations Business System Deficiency Report Assignment Audit Specific Independence Determination Members of the audit team and internal specialists consulting on this
More informationSALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012)
I. STATEMENT OF POLICY SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS (Revised September 11, 2012) This Charter specifies the scope of the responsibilities of
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationITIL Foundation for IT Service Management 2011 Edition
ITIL Foundation for IT Service Management 2011 Edition ITIL Rev 03.12 3 days Description ITIL (IT Infrastructure Library) provides a practical, no-nonsense framework for identifying, planning, delivering
More informationEMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS
EMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2014 Auditor of Public Accounts Martha S. Mavredes, CPA www.apa.virginia.gov
More informationSENSITIVE DATA SECURITY AND PROTECTION CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report 11-52 January 3, 2012
SENSITIVE DATA SECURITY AND PROTECTION CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 11-52 January 3, 2012 Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven M. Glazer William
More informationBenefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1
Benefits to the Quality System in implementing an IT Standard ISO/IEC 20000-1 Presentation to: ASQ North Jersey September 15, 2010 Subrata Guha Director IT s UL DQS Inc. A New Global Alliance for Systems
More informationHow To Manage Your Service Level Management Program
SERVICE LEVEL MANAGEMENT Why Service Level Management is Mission Critical for all IT Service Providers LEN DICOSTANZO Senior Vice President, Community & Business Development Autotask Corporation SERVICE
More informationAudit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance
Audit Report for South Lakeland District Council People and Places Directorate Neighbourhood Services Audit of Grounds Maintenance Cumbria Shared Internal Audit Service: Internal Audit Report 7 th November
More informationCHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033
CHAPTER 2016-138 Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 An act relating to information technology security; amending s. 20.61, F.S.; revising the
More informationThe Devil is in the Details Compliance with the Business Systems Rule
Metropolitan Area Corporate Counsel Association WMACCA Conference on Ethics and Compliance for Government Contractors The Devil is in the Details Compliance with the Business Systems Rule April 1, 2014
More informationDirect Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference
Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference Chair An Independent Non-Executive Director In the absence of the Committee Chairman and an appointed
More informationOVERALL RATING: PARTIALLY SATISFACTORY
INTERNAL AUDIT DIVISION REPORT 2016/059 Audit of the use of consultants and individual contractors in the United Nations Support Office in Somalia Overall results relating to the effective management of
More informationOffice of Inspector General
Audit Report OIG-14-035 OCC Needs to Strengthen Supervison of Trading Activities in Light of the JPMorgan Chase Losses May 14, 2014 Office of Inspector General Department of the Treasury This report has
More informationAegon Global Compliance
Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationWHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements
WHITE PAPER Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements TABLE OF CONTENTS Executive Summary 2 Sarbanes-Oxley Section 404 Internal Controls 3 IT Involvement
More information03/14/2013 Compensation Update Citizens Property Insurance Corporation Board of Governors Meeting March 22, 2013
03/14/2013 Compensation Update Citizens Property Insurance Corporation Board of Governors Meeting March 22, 2013 Executive Summary As Florida s no profit provider of property insurance, Citizens is continuously
More informationHuman Resources Departmental Summary FY 2012 Department Budget $ 1,193,745.00 2 Number of Employees 17
Audit Summary The Office of Human Resource Management appears to have an adequate system of internal controls in place. However, the following report details ways by which the department can further enhance
More informationFederal Information Security Management Act: Fiscal Year 2014 Evaluation
Federal Information Security Management Act: Fiscal Year 2014 Evaluation OFFICE OF INSPECTOR GENERAL UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 M E M O R A N D U M TO: FROM:
More informationEllucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant
Ellucian Cloud Services Joe Street Cloud Services, Sr. Solution Consultant Confidentiality Statement The information contained herein is considered proprietary and highly confidential by Ellucian Managed
More informationFAQs about ALTA Best Practices for Real Estate Settlement Attorneys and Title Companies
Why do I need to have ALTA Best Practices policies and procedures in place and have a CPA give assurance on my compliance to mortgage lenders? In accordance with Consumer Financial Protection Bureau (CFPB)
More informationPROPOSAL EVALUATION WORKSHEET (INDIVIDUAL) EVALUATION FACTOR: INFORMATION TECHNOLOGY SERVICES PLAN (RATED) Selection Committee #12
PROPOSER: MBCR Selection Committee #12 DATE: 9/9/2013 OVERALL RATING: Acceptable NARRATIVE SUMMARY: The Proposer has submitted an acceptable Information Technology Services plan in accordance with the
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More informationAPPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES
APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company
More informationOFFICE OF FINANCIAL REGULATION COLLECTION AGENCY REGISTRATIONS MORTGAGE-RELATED AND CONSUMER COLLECTION AGENCY COMPLAINTS PRIOR AUDIT FOLLOW-UP
REPORT NO. 2013-031 OCTOBER 2012 OFFICE OF FINANCIAL REGULATION COLLECTION AGENCY REGISTRATIONS MORTGAGE-RELATED AND CONSUMER COLLECTION AGENCY COMPLAINTS PRIOR AUDIT FOLLOW-UP Operational Audit COMMISSIONER
More information5/25/2011. Citizens Property Insurance Corporation:
Citizens Property Insurance Corporation: CAS Spring Meeting May 2011 1 Citizens Overview Citizens is a Florida State created, not for profit, tax exempt government entity established principally to provide
More informationERM Program. Enterprise Risk Management Guideline
ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible
More informationCITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard
CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationHelpdesk Software: Service Desk Management or Glorified Database? Tweet using #APP6
Helpdesk Software: Service Desk Management or Glorified Database? Tweet using #APP6 Who s Talking Lance Waagner Chief Executive Officer Intelliteach Founded 1998 Over 150 employees Global 24-hour servicedesk
More informationORACLE IT SERVICE MANAGEMENT SUITE
ORACLE IT SERVICE MANAGEMENT SUITE ITIL COMPATIBLE PINKVERIFY ORACLE IT SERVICE MANAGEMENT SUITE HAS BEEN CERTIFIED BY PINK ELEPHANT THROUGH THE PINKVERIFY PROCESS TO BE ITIL COMPATIBLE IN SIX PROCESS
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More information