External Audit Reviews. Report by Director of Finance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "External Audit Reviews. Report by Director of Finance"

Transcription

1 THE HIGHLAND COUNCIL AUDIT AND STANDARDS COMMITTEE 4 DECEMBER 2003 Agenda Item Report No External Audit Reviews Report by Director of Finance SUMMARY The pages that follow contain a report from the Council's External Auditors, (Audit Scotland). It informs Members of the recommendations made in the activity reviewed and reported since the date of the last Committee. The Action Plan, agreed by the relevant Service Manager, is included within the report. 1. Reports included: Ref. Service Subject Date Pages 133 Corporate 06/11/03 RECOMMENDATION Members are invited to consider the above report Signature: Designation: Director of Finance Date: 25 November 2003

2 Maggie Bruce CA, Senior Audit Manager Audit Scotland, Ballantyne House, 84 Academy Street, Inverness IV1 1LU Tel no Fax no The Highland Council

3 Contents Contents Section 1 Page Executive summary 1 Section 2 Action plan 3 Section 3 Introduction 7 Section 4 Migration of data to the new payroll system 8 Section 5 ICT controls operating within the new payroll system 10 Audit Services Audit Scotland

4 Section 1 Executive summary Introduction 1.1 The Highland Council employs approximately 18,500 employees at an annual cost of 184 million. The Council processes 23 individual payrolls (including those processed for the Highland and Western Isles Valuation Joint Board and other bodies) with employees allocated to a payroll group on the basis of employing department, payment frequency and conditions of service. 1.2 During 2002/03, the Council and its ICT provider, Fujitsu Services, began to replace its existing in-house payroll system, written in 1975, with Northgate Information Systems integrated payroll and personnel system, ResourceLink. At the time of our audit, nine payrolls had been transferred to the new system. The Council intends to complete the migration of all payrolls by November As part of our 2002/03 we undertook an overview of the new payroll system, including: the arrangements in place for the migration of existing data to the new payroll system; the ICT controls operating within the new payroll system. 1.4 This report summarises the findings from our review and, where appropriate, makes recommendations to address the weaknesses identified. The weaknesses identified are only those which have come to our attention during the course of our normal audit work and are not necessarily, therefore, all the weaknesses which may exist. It is the responsibility of management to decide the extent of the internal control systems appropriate to the Council. We would stress, however, that an effective control system is an essential part of the efficient management of any organisation. Summary of Main Findings 1.5 Our review revealed that the arrangements in place for the migration of existing data to the new payroll system are generally satisfactory, although there is scope for improvement. In particular, the acceptance of the data by the user department and their agreement that the new system should go live is not adequately documented. Our audit identified that all Pensions and Audit staff had access to the Invalid Login screen which displays details of incorrectly keyed passwords and the associated operator ids. This represented a serious security risk to the system as a member of the Pensions staff could potentially use this information to access the system using another officer s operator id and password. We brought our concerns to the attention of the Project Team Leader and are pleased to note that a systems upgrade has now been applied which ensures that incorrectly keyed passwords are no longer displayed on the Invalid Login screen. Areas of Good Practice a project team has been established to oversee the migration to the new integrated payroll/personnel system; a Migration Process Checklist has been developed which records all the expected steps and sign off milestones for the migration of each payroll. An error log is also maintained to record all exceptions and errors identified throughout the process, and the action taken to resolve them; Audit Services - Audit Scotland Page 1

5 Section 1 parallel running is undertaken to ensure that the new system is operating properly prior to going live ; a Systems Administration Manual has been developed which documents control mechanisms, procedures for release management and for back-up and restoration of the new payroll system; a Risk Register is maintained which documents the main risks to the new payroll system and how these are being addressed by the Council and Fujitsu Services. Areas with Scope for Improvement the acceptance of data transferred to the new payroll by the user department is not adequately documented. A senior officer within the user department should complete a pro-forma document to confirm their acceptance of the data and their agreement that the new payroll should go live ; the existing Payroll Service Description, which forms the basis of the relationship between the ICT service provider and the client department, will not be updated until all payrolls have been migrated to the new payroll system. We have been advised that Fujitsu Services have proposed that, in future, Service Descriptions be produced at the start of each project and would support this move towards good practice in project management; the risks of granting SUPERVISOR access, which includes the ability to set up new users on the system, to live payrolls should be assessed as a matter of urgency to ensure that adequate compensatory controls are in place to protect live payroll data; there is no guidance on the setting of the pre-determined period after which the system prompts the user to change their password (password duration) or disables their access due to non-use (account dormancy); control over operator ids requires to be improved. In particular, generic operator ids, which cannot be traced back to individual employees, should be restricted to specific circumstances and their use closely monitored and controlled. Action Plan 1.6 The Action Plan included in Section 2 of this report sets out the agreed actions to be taken in response to the main recommendations, graded to show their relative priority, and the timescales within which the issues are to be addressed. The Action Plan should be read in conjunction with the relevant reference from the main findings (Section 4). 1.7 The factual accuracy of the contents of this report, and the remedial action to be taken, have been agreed in discussion with appropriate officers. Acknowledgements 1.8 The assistance and co-operation received during the course of our audit is gratefully acknowledged. Maggie Bruce, CA Senior Audit Manager Audit Services - Audit Scotland Page 2

6 Section 2 Action Plan Page/ Para Ref Rec. No. Recommendation Responsible Officer Agreed Comments Agreed Completion Date Migration of data to new payroll system 9/ The Project Team Leader should sign (in manuscript) his approval of each stage of the parallel testing process prior to requesting a senior officer within the user department to confirm their acceptance of the data and agreement that the new system should go live. Payroll & Pensions Manager Yes The previous documentation recorded the Team Leader s approval in type but not the Payroll Manager s. Documentation has been amended to include signatures (in manuscript) of each party. Completed 9/ A pro-forma document should be developed for completion by a senior officer within the user department to confirm their acceptance of the data and agreement that the new payroll should go live. Payroll & Pensions Manager Yes See comments re recommendation 1 above. Completed 9/ The reconciliations and reports/payslips retained as supporting evidence of the checks undertaken should be referenced and the file reference included on the Migration Process Checklist to enable them to be easily identified. Payroll & Pensions Manager Yes The Migration/Parallel Run Process Checklist will include the file reference. 30 November 2003 Medium priority Audit Services - Audit Scotland Page 3

7 Section 2 Page/ Para Ref Rec. No. Recommendation Responsible Officer Agreed Comments Agreed Completion Date ICT controls operating within the new payroll system 10/ A Service Description should be prepared for the new payroll system. Head of E- Government Yes The preparation of Service Descriptions will be a product associated with stages 3 and 4 of the project. 31 January / In line with good practice, Service Descriptions should be produced as part of the Product Description or Project Definition for future projects. Head of E- Government Yes This will require a change in the contractual requirements for PD production. The Head of E-Government is currently working with Fujitsu to redesign and agree a new PD format that will include a draft Service Description. 30 April / The Council should review all users with SUPERVISOR access, as a matter of urgency, to assess the risks of granting this access and ensure that adequate compensatory controls are in place to protect live payroll data. Payroll & Pensions Manager Yes A review of users with SUPERVISOR access will be carried out. 31 December 2003 Audit Services - Audit Scotland Page 4

8 Section 2 Page/ Para Ref Rec. No. Recommendation Responsible Officer Agreed Comments Agreed Completion Date 11/ Guidance should be prepared on setting the parameters for the length of time after which a user is prompted to change their password (password duration) or their access is disabled due to non-use (account dormancy). Standard frequencies should be set for each security profile based on an assessment of the risk associated with that level of access to the system. Finance Systems Officer Yes Passwords have been reviewed, and amended where necessary, to ensure that they comply with the guidance in the Council s Information Systems Security Framework. An exercise to consider the risk of different security profiles has been completed and password timeouts set accordingly. Usernames with high levels of access have been granted shorter password expiry periods. Completed Completed 11/ A list of operator ids should be produced regularly from the system and reconciled to the spreadsheet of users maintained by the Finance Systems Team. Medium priority Payroll & Pensions Manager Yes The Finance Systems Team will produce the list from the system and the spreadsheet of users on a quarterly basis. They will be reconciled by someone from the Payroll Section. 31 December / The use of generic operator ids should be restricted to specific circumstances and their use closely monitored and controlled. Payroll & Pensions Manager Yes All generic operator ids have been identified and their use will be monitored. Completed Audit Services - Audit Scotland Page 5

9 Section 2 Page/ Para Ref Rec. No. Recommendation Responsible Officer Agreed Comments Agreed Completion Date 12/ The list of operator ids produced by the system should be regularly reviewed to identify any redundant or duplicate operator ids. Payroll & Pensions Manager Yes This will be done as part of the actions for recommendations 7 and December 2003 Audit Services - Audit Scotland Page 6

10 Section 3 Introduction 3.1 The Highland Council employs approximately 18,500 employees at an annual cost of 184 million. The Council processes 23 individual payrolls (including those processed for Highland and Western Isles Valuation Joint Board and other bodies) with employees allocated to a payroll group on the basis of employing department, payment frequency and conditions of service. 3.2 During 2002/03, the Council and Fujitsu Services, its partner for the provision of ICT services, began to replace the existing in-house payroll system, written in 1975, with Northgate Information Systems integrated payroll and personnel system, ResourceLink. At the time of our audit, nine payrolls had been transferred to the new system. The Council intends to complete the migration of all payrolls by November Audit Scotland s Code of Audit Practice requires us to consider the corporate governance arrangements in place as they relate to the systems of internal control. As part of our 2002/03, therefore, we undertook an overview of the new payroll system, including: the arrangements in place for the migration of existing data to the new payroll system; the ICT controls operating within the new payroll system. 3.4 The aim of our audit was to ensure that: the data transferred to the new payroll system is complete and accurate; the key computer application controls operating within the new payroll system are adequate. 3.5 This report summarises the findings from our review and, where appropriate, makes recommendations to address the weaknesses identified. The weaknesses identified are only those which have come to our attention during the course of our normal audit work and are not necessarily, therefore, all the weaknesses which may exist. It is the responsibility of management to decide the extent of the internal control systems appropriate to the Council. We would stress, however, that an effective control system is an essential part of the efficient management of any organisation. Audit Services - Audit Scotland Page 7

11 Section 4 Migration of data to new payroll system Introduction 4.1 Prior to implementation of a replacement computer system, the data held on the previous system must be transferred to the new system. This process requires to be controlled to ensure that the data held on the new system is complete and accurate. In particular, it is essential that an audit trail is maintained of the process followed; the results of the validation exercise undertaken, including recording any errors identified and the action taken to correct them; and the acceptance of the data by the user department before the system goes live. 4.2 In order to control the migration of data from the old mainframe system to the new ResourceLink system, we would expect the Council to: establish a plan for the transfer of data; reconcile the data held on the old system to the data held on the new system; ensure all data was transferred or otherwise accounted for; ensure the data transferred to the new system was validated and accepted by the user department; maintain an audit trail to evidence that the process has been adequately controlled. 4.3 As part of our 2002/03 audit we reviewed the migration process for the following payrolls: Skye Manual Workers (payroll no. 57); Assessors (payroll no. 39). Audit Findings 4.4 A project team, comprising representatives from the Finance Service, Personnel Services and Fujitsu (the Council s IT provider), is responsible for overseeing the migration of the existing payrolls to the new integrated payroll/personnel system. The project team reports to the Project Board which consists of the Director of Corporate Services and the Director of Finance. 4.5 The Skye Manual Workers payroll (payroll no. 57) was the first to be migrated to the new payroll system. The Payroll Project Team used this payroll as a pilot exercise to develop a Migration Plan and Migration Process Checklist for use in subsequent data migrations. 4.6 Our review of the Migration Process Checklist confirmed that it defines the relative responsibilities of the Highland Council, Fujitsu and Northgate Information Systems and includes all the expected steps and sign off milestones. In addition, an error log was maintained by the Project Team throughout the migration process to record all exceptions and errors identified and the action taken to resolve them. 4.7 We are pleased to note that the Migration Process Checklist was completed for the migration of the Assessors payroll (payroll no. 39) and retrospectively for the Skye Manual Workers (payroll no. 57). Audit Services - Audit Scotland Page 8

12 Section Once all the data had been transferred to the new system, parallel running was undertaken to ensure that the new system was operating properly prior to going live. A number of checks were undertaken by the Project Team as part of this process including agreeing the total number of employees on each system, confirming the cumulative information reported on the new system s summary analysis reports to the P35 data held on the old system, and cross-checking all the information reported on individual payslips. We are pleased to note that these checks were evidenced on the Migration Process Checklist, on the Summary of Parallel Running Testing document and on the summary analysis reports and payslips. 4.9 We are concerned to note, however, that the acceptance of the data by the user department was not adequately documented. Our review of the migration documentation failed to identify any documents signed by a senior officer from the user department to evidence their acceptance of the data and agreement that the payroll should go live on the new system. It is acknowledged that the Summary of Parallel Running Testing document includes a column for the approval of the Project Team Leader and that this has been completed (typed) for both the Skye Manual Workers and Assessors payrolls. In our view, the Project Team Leader should sign (in manuscript) his approval of each stage of the parallel testing process and this should be used as the basis for requesting a senior officer within the user department to confirm their acceptance of the data and agreement that the new system should go live. A pro-forma should be developed for the senior officer s acceptance to ensure that this important control is adequately documented. Refer Action Plan Numbers 1 & Our review of the migration documentation also noted that the audit trail for the results of the parallel running testing could be improved. In particular, we would recommend that the reconciliations and reports/payslips retained as supporting evidence of the checks undertaken be referenced and the file reference included on the Migration Process Checklist to enable them to be easily identified. Refer Action Plan Number 3 Audit Services - Audit Scotland Page 9

13 Section 5 ICT controls operating within the new payroll system Introduction 5.1 The ICT controls operating within any system application are fundamental to the overall system of internal control. As part of our 2002/03 audit, we have undertaken a limited review of the key computer application controls operating within the new payroll system. We examined: the control mechanisms in place to protect the application from environmental, operational and networking risks; the change management and quality procedures in place to ensure that any changes to the application are adequately authorised and controlled; the contingency planning and business continuity arrangements adopted to ensure that there is minimum disturbance to the Council s payroll services in the event of system failure. 5.2 We intend to undertake a full review of the application controls operating within the new system once it has been fully implemented. Audit Findings Service Description 5.3 Service Descriptions form the basis of the relationship between an ICT service provider and the client department. They should define the relative responsibilities of the client and the provider and include a definition of the service to be provided, minimum service levels, availability, support framework, charging arrangements, anticipated growth levels, loading restrictions and change control procedures. 5.4 In line with the Council s current project management practices, the existing Payroll Service Description will not be updated until November 2003 once all payrolls have been migrated to the new payroll system. We have been advised, however, that Fujitsu have proposed that, in future, Service Descriptions be produced at the start of each project as part of the Product Description or Project Definition. We support this move towards good practice in project management. Control Mechanisms Refer Action Plan Numbers 4 & We are pleased to note that the Payroll Project Team have prepared a System Administration Manual which documents the control mechanisms, including access controls and monitoring of security breaches, for the Payroll and Personnel System and clearly defines the responsibilities of the Council and Fujitsu Services for their implementation. Audit Services - Audit Scotland Page 10

14 Section We were concerned to note that, at the time of our audit, members of the Payroll Project Team undertook Systems Administration duties for live payrolls. The Project Board acknowledge that this represented an inadequate segregation of duties and has appointed the Finance Systems Officer as Systems Administrator with effect from 1 July We remain concerned to note, however, that the Payroll Project Team continue to have security profiles which allow them SUPERVISOR access (including the ability to set up new users on the system) for all live payrolls. In addition, we noted a number of other users with SUPERVISOR access where it was not clear why this access is required. Refer Action Plan Number Access to the system is password controlled, with the system automatically prompting users to change their passwords (password duration) and disabling their access due to non-use (account dormancy) after a pre-determined period. We are concerned to note, however, that no guidance has been prepared on setting these parameters. Audit testing revealed inconsistencies between employees with the same security profiles and highlighted a number of employees where the period was set at the default of 999 days (nearly 3 years). Refer Action Plan Number We were also concerned to note that all Pensions and Audit staff had been granted the same security profiles, which give view only access to Systems Administrator information within the system. In particular, we noted that all levels of Pension staff had access to the Invalid Login screen which displays details of incorrectly keyed passwords and the associated operator ids. This represented a serious security risk to the system as a member of the Pensions staff could potentially use this information to access the system using another officer s operator id and password, and was further compounded by the weaknesses identified at paragraphs 5.6 and 5.9. We immediately brought our concerns to the attention of the Project Team Leader and note that a systems upgrade has now been applied which ensures that incorrectly keyed passwords are no longer displayed on the Invalid Login screen. 5.9 Each user is allocated a unique user identity (operator id) which controls their access to the system and enables transactions to be traced back to individual employees. At the time of our review, the Project Team maintained two lists of operator ids, the Register of Users and the Application installation and enabled environments by user list, which described the technical environment for each user. Our review of the operator ids defined on the system noted that neither of these lists was up-to-date. We have been advised that, since the transfer of responsibility for Systems Administration to the Finance Systems Officer, a new spreadsheet of users has been prepared which will be reconciled to the system on a regular basis. Refer Action Plan Number 8 Audit Services - Audit Scotland Page 11

15 Section Our review of the operator ids defined on the system also highlighted the following areas of concern: four generic operator ids which cannot be traced back to individual employees. All of these provide access to all levels of the system and have password duration and account dormancy controls set at very high values (in excess of 500 days). Two of these accounts have not been accessed since 2001/02; two cases where the same employee had two operator ids. We have been advised that the duplicate operator ids have been disabled since we discussed our audit findings with the Payroll Manager; one case where the operator id had not been terminated when the employee left the employment of the Council. We have been advised that this operator id has been disabled since we discussed our audit findings with the Payroll Manager. Change management and quality procedures Refer Action Plan Numbers 9 & We are pleased to note that the System Administration Manual documents procedures for release management (upgrades or customisation of the system software) and that a number of theses procedures were in operation at the time of our review. We examined the Request for Change process as part of our 2001/02 Review of Computer Network Services and concluded that procedures have been established to ensure that changes are properly authorised and controlled. Contingency planning and business continuity 5.12 Audit testing confirmed that the procedures for backup and restoration of the payroll system documented within the System Administration Manual are operating in practice. We are pleased to note that, in line with good practice, a Risk Register is maintained which documents the main risks to the new payroll system and how these are being addressed by the Council and Fujitsu Services. In particular, the operation of a dual server environment ensures that the payroll can continue to be processed in the event of a failure in the system hardware. Audit Services - Audit Scotland Page 12

Internal Audit Report Business Continuity Planning Arrangements

Internal Audit Report Business Continuity Planning Arrangements The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report

More information

Internal Audit Report. Human Resources & Customer Service. Payroll System

Internal Audit Report. Human Resources & Customer Service. Payroll System Internal Audit Report Human Resources & Customer Service Payroll System Issued to: Angela Scott, Acting Director of Corporate Governance Ewan Sutherland, Head of HR and Customer Service Steven Whyte, Head

More information

The Highland Council. Resources Committee 25 February Internal Audit Report Matters Arising from the Statement of Internal Control 2013/14

The Highland Council. Resources Committee 25 February Internal Audit Report Matters Arising from the Statement of Internal Control 2013/14 The Highland Council Resources Committee 25 February 2015 Agenda Item Report No 11(b) RES/ 13/15 Internal Audit Report Matters Arising from the Statement of Internal Control 2013/14 Report by Director

More information

Appendix 1e DIRECTORATE OF AUDIT, RISK AND ASSURANCE INTERNAL AUDIT SERVICE TO THE GLA

Appendix 1e DIRECTORATE OF AUDIT, RISK AND ASSURANCE INTERNAL AUDIT SERVICE TO THE GLA Appendix 1e DIRECTORATE OF AUDIT, RISK AND ASSURANCE INTERNAL AUDIT SERVICE TO THE GLA REVIEW OF PAYROLL February 2012 DISTRIBUTION LIST Audit Team Karen Welsh, Auditor Prakash Gohil, Audit Manager Distribution

More information

Protected. Internal Audit Report Payroll

Protected. Internal Audit Report Payroll Protected Internal Audit Report Payroll Document Details: Reference: 2014/15:1.3 Date: 27 April 2015 This report is not for reproduction publication or disclosure by any means to unauthorised persons.

More information

INTERNAL AUDIT FINAL REPORT CNES FINANCE AND CORPORATE RESOURCES DEPARTMENT CLOUD IT SYSTEMS AND THE CRM SYSTEM OFFICIAL OFFICIAL

INTERNAL AUDIT FINAL REPORT CNES FINANCE AND CORPORATE RESOURCES DEPARTMENT CLOUD IT SYSTEMS AND THE CRM SYSTEM OFFICIAL OFFICIAL INTERNAL AUDIT FINAL REPORT CNES FINANCE AND CORPORATE RESOURCES DEPARTMENT CLOUD IT SYSTEMS AND THE CRM SYSTEM AUTHOR DISTRIBUTION David Beaton Director of Finance and Corporate Resources Internal Audit

More information

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS 11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78

More information

DRAFT. Internal Audit Report. Computer Recycling

DRAFT. Internal Audit Report. Computer Recycling DRAFT Internal Audit Report Computer Recycling Document Details: Reference: 2.7/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement Manager: ext. 6572 Auditor: ext. 6244 Date: 4 th

More information

West Highland College. Internal Audit 2014/15 Annual Report August 2015

West Highland College. Internal Audit 2014/15 Annual Report August 2015 Internal Audit 2014/15 Annual Report August 2015 TABLE OF CONTENTS Section Page 1. Introduction 3 2. Executive Summary 4 5 3. Audit Findings 6 11 4. Benchmarking 12 5. Key Performance Indicators 13 Appendices

More information

Information System Audit Report Office Of The State Comptroller

Information System Audit Report Office Of The State Comptroller STATE OF CONNECTICUT Information System Audit Report Office Of The State Comptroller AUDITORS OF PUBLIC ACCOUNTS KEVIN P. JOHNSTON ROBERT G. JAEKLE TABLE OF CONTENTS EXECUTIVE SUMMARY...1 AUDIT OBJECTIVES,

More information

Guideline on risk management and other aspects of internal control in central securities depository

Guideline on risk management and other aspects of internal control in central securities depository until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph

More information

Guideline on risk management and other aspects of internal control in stock exchange

Guideline on risk management and other aspects of internal control in stock exchange until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial

More information

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information

More information

PART 10 COMPUTER SYSTEMS

PART 10 COMPUTER SYSTEMS PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board

More information

NEW HAMPSHIRE RETIREMENT SYSTEM

NEW HAMPSHIRE RETIREMENT SYSTEM NEW HAMPSHIRE RETIREMENT SYSTEM Auditors Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government

More information

August 2012 Report No. 12-048

August 2012 Report No. 12-048 John Keel, CPA State Auditor An Audit Report on The Texas Windstorm Insurance Association Report No. 12-048 An Audit Report on The Texas Windstorm Insurance Association Overall Conclusion The Texas Windstorm

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

Solihull Metropolitan Borough Council. IT Audit Findings Report September 2015

Solihull Metropolitan Borough Council. IT Audit Findings Report September 2015 Solihull Metropolitan Borough Council IT Audit Findings Report September 2015 Version: Responses v6.0 SMBC Management Response July 2015 Financial Year: 2014/2015 Key to assessment of internal control

More information

FINAL. Internal Audit Report. Data Centre Operations and Security

FINAL. Internal Audit Report. Data Centre Operations and Security FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Internal Audit Annual Report 2011/12

Internal Audit Annual Report 2011/12 1 Introduction 1.1 In accordance with the Code of Practice for Internal Audit in Local Government in the United Kingdom, the Internal Audit Annual Report 2011/12 for Cheshire East contains the following:

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Allen Independent School District July 21, 2014

Allen Independent School District July 21, 2014 Allen Independent School District July 21, 2014 Table of Contents Internal Audit Process 3 Risk Evaluation Criteria 5 Payroll 6 Information Technology 11 Facilities 18 Finance and Operations 22 Eagle Stadium

More information

Attachment 4. Finance - Information Technology - Computer & Computer Equipment Lease Tracking Audit

Attachment 4. Finance - Information Technology - Computer & Computer Equipment Lease Tracking Audit Attachment 4 Finance - Information Technology - Computer & Computer Equipment Lease Tracking Audit TABLE OF CONTENTS 1.0 MANAGEMENT SUMMARY...1 2.0 INTRODUCTION...2 3.0 OBJECTIVES, METHODOLOGY, SCOPE...3

More information

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) (NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies

More information

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:

More information

Internal Control Systems

Internal Control Systems D. INTERNAL CONTROL 1. Internal Control Systems 2. The Use of Internal Control Systems by Auditors 3. Transaction Cycles 4. Tests of Control 5. The Evaluation of Internal Control Component 6. Communication

More information

<INSERT PROJECT NAME> DATA MIGRATION CHECKLIST

<INSERT PROJECT NAME> DATA MIGRATION CHECKLIST DATA MIGRATION CHECKLIST Ensure you always have the latest version of this document. Document Location This document is only valid on the day it was printed. The source of the document

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information

Internal Control Guide & Resources

Internal Control Guide & Resources Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

FINAL. Internal Audit Report. Employees Travel and Subsistence Expenses 2014/15

FINAL. Internal Audit Report. Employees Travel and Subsistence Expenses 2014/15 FINAL Internal Audit Report Employees Travel and Subsistence Expenses 2014/15 Document Details: Reference: 2.14/2014.15 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement Manager: Audit Assistant

More information

Internal Audit. Final Report. Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER

Internal Audit. Final Report. Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER Internal Audit Final Report Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER May 2014 G:\2013_14 AUDIT\02 Environment & Economy\01

More information

Interim Audit Report. Borough of Broxbourne Audit 2010/11

Interim Audit Report. Borough of Broxbourne Audit 2010/11 Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes

More information

INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION CONTENTS

INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION CONTENTS INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of this

More information

1. Introduction. 2. Performance against service levels 1 THE HIGHLAND COUNCIL. Agenda Item. Resources Committee 26 th March 2003 RES/43/03

1. Introduction. 2. Performance against service levels 1 THE HIGHLAND COUNCIL. Agenda Item. Resources Committee 26 th March 2003 RES/43/03 1 THE HIGHLAND COUNCIL Resources Committee 26 th March 2003 Performance report for January / February 2003 Report by the Information Systems Client Manager Agenda Item Report No 18 RES/43/03 Summary This

More information

April 2010. promoting efficient & effective local government

April 2010. promoting efficient & effective local government Department of Public Works and Environmental Services Department of Information Technology Fairfax Inspections Database Online (FIDO) Application Audit Final Report April 2010 promoting efficient & effective

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions SCHEDULE 12 EXIT AND SERVICE TRANSFER ARRANGEMENTS 1. Introduction

More information

Appendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit

Appendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit Appendix C Accountant in Bankruptcy Annual report on the 2013/14 audit Prepared for Accountant in Bankruptcy and the Auditor General for Scotland 6 August 2014 Audit Scotland is a statutory body set up

More information

City of Unley Internal Audit Report Payroll Process

City of Unley Internal Audit Report Payroll Process City of Unley Internal Audit Report Contact: David Papa, Director Bentleys (SA) Pty Ltd T 08 8372 7900 F 08 8372 7999 E dpapa@adel.bentleys.com.au Level 2, 139 Frome Street Adelaide, South Australia, 5000

More information

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions 1. Change Control Principles Schedule 24: Change Control

More information

Governance & Audit Committee 1 February 2016

Governance & Audit Committee 1 February 2016 Agenda Item 6. Governance & Audit Committee 1 February 2016 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

Agenda Item No. 8. Joint Audit Committee. Date: 26 June Chief Internal Auditor. Title: Internal Audit Annual Report

Agenda Item No. 8. Joint Audit Committee. Date: 26 June Chief Internal Auditor. Title: Internal Audit Annual Report Agenda Item No. 8 To: Joint Audit Committee Date: 26 June 2013 By: Chief Internal Auditor Title: Internal Audit Annual Report 2012-13 Purpose of Report: The purpose of this report is to give an opinion

More information

Roles & Responsibilities for NHAIS (Exeter) System Key Users

Roles & Responsibilities for NHAIS (Exeter) System Key Users Document filename: NHAIS Key User Roles and Responsibilities.docx Directorate / Programme HSCIC Project SSD Document Reference DOC-00126 Project Manager Sean Walsh Status Approved Owner Norman Raphael

More information

CENTRAL BEDFORDSHIRE COUNCIL SCHOOL S RECORD OF SELF ASSESSMENT OF KEY FINANCIAL CONTROLS

CENTRAL BEDFORDSHIRE COUNCIL SCHOOL S RECORD OF SELF ASSESSMENT OF KEY FINANCIAL CONTROLS 1) REPORTING AND EVIDENCE REVIEW The Responsible Officer should initial and date all documents, reconciliations and reports as evidence of review and record the date of the school visit in this log. If

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE Learning objective: explain the use of computer assisted audit techniques in the context of an audit discuss and provide relevant examples of the use of test

More information

Hertsmere Borough Council. Data Quality Strategy. December 2009 1

Hertsmere Borough Council. Data Quality Strategy. December 2009 1 Hertsmere Borough Council Data Quality Strategy December 2009 1 INTRODUCTION Public services need reliable, accurate and timely information with which to manage services, inform users and account for performance.

More information

Skills for Victoria Contract Compliance Audit Report. Strategic Training and Employment Placement Services (STEPS) Pty Ltd 7110

Skills for Victoria Contract Compliance Audit Report. Strategic Training and Employment Placement Services (STEPS) Pty Ltd 7110 Skills for Victoria Contract Compliance Audit Report Strategic Training and Employment Placement Services (STEPS) Pty Ltd 7110 Version FINAL Date 15/12/11 Circulation Skills Victoria Peter Clark, Director,

More information

Audit and Governance Committee Report. 4 July 2011. quarter. Internal audit activity report. one 2011/2012 1/2012. Purpose of Report. Report No.

Audit and Governance Committee Report. 4 July 2011. quarter. Internal audit activity report. one 2011/2012 1/2012. Purpose of Report. Report No. Audit and Governance Committee Report 4 July 2011 Report of Audit Manager Author: Adrianna Partridge Telephone: 01235 547615 Telephone: 01491 823544 E-mail: adrianna.partridge@southandvale.gov.uk Cabinet

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

Appendix 1C. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK

Appendix 1C. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK Appendix 1C DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Karen Walker, Risk and Assurance

More information

@ HONG KONG MONETARY AUTHORITY

@ HONG KONG MONETARY AUTHORITY ., wm~i!l1f~nu CR G 3 Credit Administration, Measurement V. 1-19.01.01 This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations

More information

Appendix 1. Shared Payroll Services. Business Case

Appendix 1. Shared Payroll Services. Business Case Shared Payroll Services Business Case Page 1 03/04/2013 Table of Contents Background... 3 Objective... 3 Options appraisal... 3 Cost Analysis Summary... 4 Benefit Analysis... 7 Risk Analysis... 8 Information

More information

MANAGEMENT LETTER. Nassau Health Care Corporation and Subsidiaries

MANAGEMENT LETTER. Nassau Health Care Corporation and Subsidiaries MANAGEMENT LETTER Nassau Health Care Corporation and Subsidiaries Year ended December 31, 2012 Ernst & Young LLP 5 Times Square New York, New York 10036 Tel: +1 212 773 3000 Fax: +1 212 773 6530 ey.com

More information

Policy Document. Communications and Operation Management Policy

Policy Document. Communications and Operation Management Policy Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author

More information

Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.

Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control. Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter 12 12-1 12-2 How Information Technologies Enhance Internal Control Learning

More information

Commercial Crime Insurance Application Form

Commercial Crime Insurance Application Form Commercial Crime Insurance Application Form Please answer all questions fully, and including all subsidiaries. If there is insufficient space, please provide further details as appropriate. Copies of the

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

WESTERN NEVADA COLLEGE THEATER DEPARTMENT Internal Audit Report July 1, 2009 through January 31, 2011

WESTERN NEVADA COLLEGE THEATER DEPARTMENT Internal Audit Report July 1, 2009 through January 31, 2011 WESTERN NEVADA COLLEGE THEATER DEPARTMENT Internal Audit Report July 1, 2009 through January 31, 2011 GENERAL OVERVIEW The Western Nevada College (WNC) Theater Department falls administratively under the

More information

Payroll Review. Internal Audit Final Report 09_10 1.4. Assurance rating this review. Moderate. Distribution List. Chief Executive - Peter Sloman

Payroll Review. Internal Audit Final Report 09_10 1.4. Assurance rating this review. Moderate. Distribution List. Chief Executive - Peter Sloman Review Internal Audit Final Report 09_10 1.4 Assurance rating this review Moderate Distribution List Chief Executive - Peter Sloman Interim Executive Finance Director Nigel Pursey Heads of Finance - Penny

More information

Depute Chief Executive (Resources & People Services) Internal Audit Report Housing Allocations

Depute Chief Executive (Resources & People Services) Internal Audit Report Housing Allocations REPORT TO: Audit and Governance Committee MEETING DATE: 18 March 2014 BY: SUBJECT: Depute Chief Executive (Resources & People Services) Internal Audit Report Allocations 1 PURPOSE 1.1 To inform the Audit

More information

EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE. 18 August Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER

EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE. 18 August Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER AGENDA ITEM No. 10 EAST RENFREWSHIRE COUNCIL AUDIT AND SCRUTINY COMMITTEE 18 August 2016 Report by Chief Auditor REVIEW OF INTERNAL AUDIT CHARTER 1 PURPOSE OF REPORT To submit to members for approval the

More information

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Recognition of Prior Learning (RPL) BSB40515 Certificate IV in Business Administration

Recognition of Prior Learning (RPL) BSB40515 Certificate IV in Business Administration Recognition of Prior Learning (RPL) BSB40515 Certificate IV in Business Administration What is RPL? RPL recognises that you may already have the skills and knowledge needed to meet national competency

More information

Mille Lacs Band of Ojibwe Indians Gaming Regulatory Authority Detailed Gaming Regulations

Mille Lacs Band of Ojibwe Indians Gaming Regulatory Authority Detailed Gaming Regulations I. SCOPE. This document includes the for Information Technology to be regulated and played in compliance with Title 15 of the Mille Lacs Band Statutes Annotated. II. REGULATIONS APPLICABLE TO INFORMATION

More information

The Scrutiny Panel heard from Fiona Kordiak, Audit Scotland, the Council s auditors and the Director of Finance.

The Scrutiny Panel heard from Fiona Kordiak, Audit Scotland, the Council s auditors and the Director of Finance. + ED I N BVRG H + THE CITY OF EDINBURGH COUNCIL Item no \8 External Audit Reports Received Executive of the Council 16 December 2003 Purpose of report 1 To refer a recommendation arising from consideration

More information

ESKIDMS3 Database management software

ESKIDMS3 Database management software Overview This is the ability to use a software application designed to store and retrieve data needed for a variety of business functions. It also includes an understanding of the features and facilities

More information

Internal Audit Monitoring Report. Audit Report status Assurance. Payroll Final Limited

Internal Audit Monitoring Report. Audit Report status Assurance. Payroll Final Limited Appendix 1 Internal Audit Monitoring Report Audit Report status Assurance Payroll Final Limited The Payroll system was reviewed to seek assurance that processes and procedures are operating effectively

More information

Quality Assurance Systems websites - 1 st April 2015 update on the progress of the development review for:

Quality Assurance Systems websites - 1 st April 2015 update on the progress of the development review for: Quality Assurance Systems websites - 1 st April 2015 update on the progress of the development review for: Practice Placement Quality Assurance (PPQA) Clinical Skills and Simulation Quality Assurance (CSSQA)

More information

Checklist. Internal financial controls for charities. Contents. 1. Self-assessment checklist

Checklist. Internal financial controls for charities. Contents. 1. Self-assessment checklist 1 of 9 Internal financial controls for charities Checklist Contents 1. Self-assessment checklist 1 2. Some key issues, monitoring arrangements and risk of fraud 2 3. Income 3 4. Purchases and payments

More information

Perth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01

Perth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01 Perth & Kinross Council Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08 External Audit Report No: 2008/01 Draft Issued: 11 February 2008 Final Issued: 29 February 2008 Contents Page Page

More information

Document Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0

Document Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0 Standard Operating Procedures (SOPs) Research and Development Office Title of SOP: Computerised Systems for Clinical Trials SOP Number: 7 Version Number: 2.0 Supercedes: 1.0 Effective date: August 2013

More information

Internal Audit Publication Date: September Legislation Guidance Internal audit function... 3

Internal Audit Publication Date: September Legislation Guidance Internal audit function... 3 INTERNAL AUDIT Contents 1. Legislation... 2 2. Guidance... 3 2.1 Internal audit function... 3 2.2 Outsourcing and sharing arrangements... 5 2.3 Relationship with the auditor... 5 2.4 Internal audit charter...

More information

SCHEDULE PART 9 BUSINESS CONTINUITY AND DISASTER RECOVERY

SCHEDULE PART 9 BUSINESS CONTINUITY AND DISASTER RECOVERY SCHEDULE PART 9 BUSINESS CONTINUITY AND DISASTER RECOVERY In this Part 9 of the Schedule (Business Continuity and Disaster Recovery), the following terms shall (unless the context requires otherwise) have

More information

DETAIL AUDIT PROGRAM Information Systems General Controls Review

DETAIL AUDIT PROGRAM Information Systems General Controls Review Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,

More information

General IT Controls Audit Program

General IT Controls Audit Program Contributed February 5, 2002 by Paul P Shotter General IT Controls Audit Program Purpose / Scope Perform a General Controls review of Information Technology (IT). The reviews

More information

Internal Audit Final Report Strategic Finance Accounts Receivable March 2014

Internal Audit Final Report Strategic Finance Accounts Receivable March 2014 Internal Audit Final Report Strategic Finance Accounts Receivable March 2014 Page 1 of 23 CONTENTS EXECUTIVE SUMMARY 3-4 Overview 3 Summary of Significant Risks 4 Summary of Significant Findings 4 Conclusion

More information

Depute Chief Executive Resources & People Services. Internal Audit Report Insurance and Claims

Depute Chief Executive Resources & People Services. Internal Audit Report Insurance and Claims REPORT TO: Audit and Governance Committee MEETING DATE: 19 November 2013 BY: SUBJECT: Depute Chief Executive Resources & People Services Internal Audit Report Insurance and Claims 1 PURPOSE 1.1 To inform

More information

Appendix VIII SAS 70 Examinations of EBT Service Organizations

Appendix VIII SAS 70 Examinations of EBT Service Organizations Appendix VIII SAS 70 Examinations of EBT Service Organizations Background States must obtain an examination by an independent auditor of the State electronic benefits transfer (EBT) service providers (service

More information

Corporate Health and Safety Policy

Corporate Health and Safety Policy Corporate Health and Safety Policy Publication code: ED-1111-003 Contents Foreword 2 Health and Safety at Work Statement 3 1. Organisation and Responsibilities 5 1.1 The Board 5 1.2 Chief Executive 5 1.3

More information

Joseph Leckie Academy Business Manager Job Description

Joseph Leckie Academy Business Manager Job Description Joseph Leckie Academy Business Manager Job Description Job Title: Academy Business Manager Work Location: Academy Based Reports To: Principal Grade: 10 /11 Salary Range: 35093 43387 Dependent on qualifications

More information

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07 between South

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

FINANCIAL ADMINISTRATION MANUAL

FINANCIAL ADMINISTRATION MANUAL Issue Date: September 2009 Effective Date: Immediate Chapter: Accounting for Expenditures Responsible Agency: Office of the Comptroller General Directive No: 706-3 Directive Title: ACCOUNTING CONTROLS

More information

Circular to All Licensed Corporations on Information Technology Management

Circular to All Licensed Corporations on Information Technology Management Circular 16 March 2010 Circular to All Licensed Corporations on Information Technology Management In the course of our supervision, it has recently come to our attention that certain deficiencies in information

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable Year ended 31 March 2015 October 2015 John Gregory Director and Engagement Lead T +44 (0)121 232 5333 E john.gregory@uk.gt.com

More information

INTERNAL AUDIT SERVICES Glenorchy City Council Internal audit report of Derwent Entertainment Centre financial business and operating systems

INTERNAL AUDIT SERVICES Glenorchy City Council Internal audit report of Derwent Entertainment Centre financial business and operating systems INTERNAL AUDIT SERVICES Internal audit report of Derwent Entertainment Centre financial business and operating systems ADVISORY Contents Executive summary...2 Internal audit findings...4 Summary of other

More information

We would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment

We would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment Date: June 25, 2014 To: Brenda S. Fischer, City Manager From: Candace MacLeod, City Auditor Subject: Audit of Glendale Fire Department s Payroll Process The City Auditor s Office has completed an audit

More information

INFORMATION TECHNOLOGY CONTROLS

INFORMATION TECHNOLOGY CONTROLS CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,

More information

Employee Self-Service Training Manual

Employee Self-Service Training Manual Employee Self-Service Training Manual Introduction 1 Contents Introduction... 4 Purpose of the Training Manual... 4 Contacts... 4 Introduction to Oracle Self-Service... 5 How to Sign on to sun-e-hr...

More information

Final. Internal Audit Report. Creditors System

Final. Internal Audit Report. Creditors System Final Internal Audit Report Creditors System Document Details: Reference: 1.2 / 2014-15 Senior Manager, Internal Audit & Assurance: David Jenkins ext 6567 Date: 7 th January 2015 This report is not for

More information

Electronic Trading Information Template

Electronic Trading Information Template Electronic Trading Information Template Preface This Electronic Trading Information Template (the "Template") has been created through the collaborative efforts of the professional associations listed

More information

IMMANUEL COLLEGE JOB DESCRIPTION. Classification: Grade 3 Lutheran Schools Enterprise Agreement 2012

IMMANUEL COLLEGE JOB DESCRIPTION. Classification: Grade 3 Lutheran Schools Enterprise Agreement 2012 IMMANUEL COLLEGE JOB DESCRIPTION Title: Finance Officer Payroll & Accounting Classification: Grade 3 Lutheran Schools Enterprise Agreement 2012 Tenure: Ongoing, full-time 1. Summary of the broad purpose

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information