UNIVERSITY OF CALIFORNIA DAVIS INTERNAL AUDIT SERVICES. Information and Educational Technology Data Center and Client Services Project #08-21
|
|
- Benedict Weaver
- 8 years ago
- Views:
Transcription
1 DAVIS INTERNAL AUDIT SERVICES Information and Educational Technology Data Center and Client Services Project #08-21 June 2009 Fieldwork Performed by: Tony Firpo, Principal Auditor Reviewed by: Leslyn Kraus, Associate Director Approved by: Richard Catalano, Director
2 Information and Educational Technology Data Center and Client Services Internal Audit Services Project #08-21 MANAGEMENT SUMMARY Internal Audit Services (IAS) has conducted a review of the campus Data Center and Client Services (Data Center) organization. The Data Center is a division of Information and Educational Technology and is comprised of four units: (1) Data Center Infrastructure Services; (2) Database and Systems Management; (3) Infrastructure Systems Management; and (4) Operations. The scope of this audit was limited to a review of the Data Center s disaster recovery and business continuity planning, and a review of the Data Center s Service Level Agreements (SLAs) with its clients. To conduct the review, IAS reviewed documentation including the Data Center disaster recovery plan and a sample of SLAs; and interviewed Data Center and campus personnel. Fieldwork on this audit was performed intermittently between July 2006 and March 2009 because of interruptions involving (unrelated) IAS investigations. The existing disaster recovery plan for the Data Center was developed in 2003 based on a business impact analysis completed in Since the impact analysis was completed, significant changes have occurred to computing resources provided by the Data Center and required by the campus to meet operational needs. Accordingly, the disaster recovery plan must be updated to ensure there is an effective and systematic response to an event significantly impacting computing services provided by the Data Center. The plan should be updated only after a risk assessment and business impact analysis has been conducted to identify critical functions and impact of loss or disruption to those functions. The proposed risk assessment and business impact analysis is an essential step in providing information to the Chancellor, Provost, Vice Provost Information and Educational Technology and other senior leaders in weighing various options and updating the disaster recovery plan to properly reduce risk to what is determined to be an acceptable level. It will be imperative that the business impact analysis be a collaborative effort of the Data Center and major clients. Accordingly, campus-wide support for the business impact analysis through the formation of committees to lead the project and/or identification of funding for external consultants will be critical to its success. Dedicated client participation will be critical to thoroughly determine the impact to operations if computer resources are not available for various time intervals (i.e., a day, a week, two weeks, a month). In line with efforts to address the disaster recovery plan for the Data Center, there is a need to effectively communicate and coordinate with clients on the respective roles and responsibilities if a disaster should disrupt services covered in existing SLAs. Consistent with the proposed broader impact analysis, clients who are relying on the Data Center for operating and managing computer resources through SLAs need to evaluate their disaster preparedness. i
3 Information and Educational Technology Data Center and Client Services Internal Audit Services Project #08-21 TABLE OF CONTENTS MANAGEMENT SUMMARY... i TABLE OF CONTENTS... ii I. BACKGROUND... 1 II. PURPOSE AND SCOPE... 1 III. CONCLUSION... 2 III. OBSERVATIONS, RECOMMENDATIONS, AND MANAGEMENT CORRECTIVE ACTIONS A. DISASTER RECOVERY AND BUSINESS CONTINUITY. 2 B. SERVICE LEVEL AGREEMENTS.. 4 ii
4 I. BACKGROUND The campus Data Center and Client Services (Data Center) organization is a division of Information and Educational Technology (IET) and is comprised of four units: (1) Data Center Infrastructure Services, which is responsible for providing both the physical infrastructure for the Data Center and services in support of all systems in the Data Center; (2) Database and Systems Management, which provides database expertise to support many of the campus applications critical to the mission of the University; (3) Infrastructure Systems Management, which provides the infrastructure, computer security and client /business system expertise to support many of the campus applications critical to the mission of the University; and (4) Operations, which provides operational support for all services that are housed in the Data Center. The mission of the Data Center is to provide consistent and secure access to the University s mission critical computing services, and to provide the campus community with excellent computer support and consultation services. The Data Center has a staff of approximately 43 administrative personnel and had a current year budget for fiscal year of approximately $4.6 million, including core funds of $3.3 million and recharges of $1.3 million. II. PURPOSE AND SCOPE This audit was originally planned as a full-scope general controls review, however, in 2008 the Data Center engaged an external consulting firm to perform a comprehensive review of its operations as it related to security. IAS obtained a copy of the consultants report and concluded that because of the work performed by the consultants, security /access controls could be excluded from the scope of our review. Additionally, based on discussions with Data Center and campus management, physical and environmental controls were also excluded from the scope of the review, as management is already aware of certain deficiencies with the Data Center site and is working toward short-term and long-term solutions. As a result, the scope of this IAS project was limited to a review of the Data Center s disaster recovery and business continuity planning, and a review of the Data Center s Service Level Agreements (SLAs) with its clients. To conduct the review, IAS reviewed documentation including the consultants report, the Data Center disaster recovery plan, and a sample of SLAs; and interviewed Data Center and campus personnel. Fieldwork on this audit was performed intermittently between July 2006 and March 2009 because of interruptions involving (unrelated) IAS investigations. 1
5 III. CONCLUSION The existing disaster recovery plan for the Data Center was developed in 2003 based on a business impact analysis completed in Since the impact analysis was completed, significant changes have occurred to computing resources provided by the Data Center and required by the campus to meet operational needs. Accordingly, the disaster recovery plan must be updated to ensure there is an effective and systematic response to an event significantly impacting computing services provided by the Data Center. The plan should be updated only after a risk assessment and business impact analysis has been conducted to identify critical functions and impact of loss or disruption to those functions. The proposed risk assessment and business impact analysis will also be significant as the Chancellor, Provost, and other senior UCD leaders weigh various options to reduce risks to what is determined to be an acceptable level. It will be imperative that the business impact analysis be a collaborative effort of the Data Center and major clients. Dedicated client participation will be needed to thoroughly determine the impact to operations if computer resources are not available for various time intervals (i.e., a day, a week, two weeks, a month). The updated plan needs to include periodic testing. In line with efforts to address the disaster recovery plan for the Data Center is the need to effectively communicate and coordinate with clients on the respective roles and responsibilities if a disaster should disrupt services covered in existing SLAs. Consistent with the proposed broader impact analysis, clients who are relying on the Data Center for operating and managing computer resources through SLAs need to evaluate their disaster preparedness. Past communication has been provided to senior management on the need for better guidance and templates to assist departments with this important task. IV. OBSERVATIONS, RECOMMENDATIONS, AND MANAGEMENT CORRECTIVE ACTIONS A. Disaster Recovery and Business Continuity 1. The disaster recovery plan for the Data Center needs to be updated based on a current business impact analysis. The existing disaster recovery plan was prepared in July 2003 based on a business impact analysis performed in Accordingly, plan assumptions and strategies have not been reassessed along with risks and changes in critical computing needs. Over the past fourteen years since the impact analysis was completed and five years since the plan was developed, campus computing resources have significantly expanded, as has the reliance on them to operate the institution. Certain assumptions made in the current plan may no longer be valid. For example, the plan does not provide for a hot or cold site that would allow for alternative computer support in the event of a major loss to the Data Center. The plan states that alternate sites were not considered because of funding limitations. If an updated 2
6 business impact analysis were performed, management would reevaluate this funding decision, especially now with the collaboration occurring with the Health System. The business impact analysis will require collaboration between the Data Center and its major clients. For instance, impact analyses conducted by Data Center clients will be necessary in order to inform the Data Center s overall impact analysis and disaster recovery plan. University of California Business and Finance Bulletin (BFB) IS-12, Continuity Planning and Disaster Recovery, states that disaster recovery plans should be updated to reflect changing environments, processes, technology, or other impacts as appropriate. The failure to have an updated plan document based on a current business impact study could potentially impair the Data Center s effective response to an emergency situation. Recommendations The Data Center disaster recovery plan should be reviewed and updated as considered necessary based on the current university environment and an updated business impact analysis. Also, procedures should be established by the Data Center for periodic updating of the plan as outlined in the plan document. Management Corrective Action By October 31, 2009 a plan will be developed for conducting the business impact analysis and updating the disaster recovery plan. The plan will address the need for the formation of committees and /or external consultants to lead the project, and will include provisions for inclusion of client risk analysis and business impact analysis. The plan will also include an anticipated timeline for completing analysis work, as well as a timeline for revising the Data Center s disaster recovery plan. The plan will be approved by the Vice Provost Information and Educational Technology and the Provost and will be shared with the Chancellor and other senior leadership groups such as the Council of Vice Chancellors and Deans. 2. The Data Center has not fully tested all aspects of the current disaster recovery plan or developed a schedule for conducting periodic exercises of its disaster recovery and business continuity capabilities. Conducting periodic exercises of disaster recovery and business continuity readiness is considered to be a best practice in the information technology environment. BFB IS-12 states that disaster recovery plans should be tested on a periodic basis by various means, such as disaster recovery exercises, testing of alternate sites, or other simulations of potentially predictable 3
7 emergencies. The Data Center has in the past completed certain disaster recovery exercises; however, these exercises have not been comprehensive or performed consistently in adherence to a regularly established schedule. Recommendation The Data Center should establish a schedule for conducting periodic exercises of its disaster recovery /business continuity capabilities. Management Corrective Action By October 1, 2009 management will establish a schedule for conducting periodic exercises of its disaster recovery /business continuity capabilities. In addition, procedures will be developed to document the results of tests performed. B. Service Level Agreements The Service Level Agreements (SLAs) between the Data Center and its clients do not adequately delineate responsibility for disaster recovery and business continuity planning. The Data Center has executed 45 Service Level Agreements (SLAs), which represent a contractual arrangement between the Data Center and a client outlining services to be performed, responsibilities of each party, fees, etc. Below are examples of clients and projects /services that have computer hardware supported by the Data Center through SLAs: Client Mondavi Center Office of Administration Office of Administration Office of Resource Management & Planning Undergraduate Admissions Graduate Studies Project/Service Paciolan Financial Information System Effort Reporting Databases /Cold Fusion E-Recruitments Reporting IAS reviewed a sample of SLAs for fiscal year 2008 and concluded that the contractual language needed to be improved to effectively communicate the responsibility for disaster recovery and business continuity planning. Specifically, disaster recovery and business continuity is a shared responsibility between the Data Center and its clients, and the SLA language should be strengthened to reflect this fact. For example, currently under the Client Responsibilities section of the SLA, certain elements of disaster planning including required maintenance contracts with vendors and escalation procedures are addressed; however, there is no section that specifically addresses disaster recovery per se. Also, the SLAs do not reflect the fact that Data Center clients running mission critical systems would receive priority over other Data Center clients in the event of a 4
8 large-scale disaster. Lastly, IAS found that the Data Center did not have any established policy concerning the level of client management expected to approve SLAs. Because of the significance of SLAs, especially on critical systems such as DaFIS and the Student Information System, senior management should approve SLAs. Recommendations The Data Center, in consultation with its clients, should develop expanded language within the SLAs surrounding responsibility for disaster recovery and business continuity planning. Additionally, the Data Center should inform its clients of the changes to the SLAs in a memo or letter. Also, the Data Center should require that SLAs for department systems be approved by the respective chair or department head, and for campus wide administrative systems the approval level should be at least at the Assistant Vice Chancellor level. Management Corrective Action By October 1, 2009 management will revise the SLAs to include a section addressing disaster recovery, such that by 2010 SLAs will include the updates. Along with the SLAs, a cover letter will be sent to each appropriate level of client management highlighting the disaster recovery additions. The Data Center also has developed a policy that SLAs for department systems be approved by the respective chair or department head and for campus wide administrative systems the approval be at least at the Assistant Vice Chancellor level. * * * 5
PRESENTATION OF INTERNAL AUDIT SERVICES DAVIS CAMPUS. Rick Catalano Director, Internal Audit Services January 2009
PRESENTATION OF INTERNAL AUDIT SERVICES DAVIS CAMPUS Rick Catalano Director, Internal Audit Services January 2009 UC Davis Background Rankings Washington Monthly: 8 th in contributions to society NSF:
More informationContinuity Planning and Disaster Recovery
Responsible Officer: AVP - Information Technology Services & UC Chief Information Officer Responsible Office: IT - Information Technology Services Issuance Date: 7/27/2007 Effective Date: 7/27/2007 Scope:
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationUNIVERSITY OF CALIFORNIA, DAVIS INTERNAL AUDIT SERVICES. University of California Davis Medical Center Electronic Medical Records Project #04-44
, DAVIS INTERNAL AUDIT SERVICES University of California Davis Medical Center Electronic Medical Records Project #04-44 October 2006 Fieldwork Performed by: Tim Bryan, Principal Auditor Reviewed by: Tom
More informationDisaster Recovery and Business Continuity Plan
Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix
More informationOFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationBusiness Continuity Management Review
Office of Internal Audit Business Continuity Management Review November 14, 2014 Internal Audit Team Shannon Henry Chief Audit Officer & Executive Director of Institutional Compliance Stacy Sneed Audit
More informationStorage Area Network (SAN) Services - SLA
1 General Overview This is a Service Level Agreement ( SLA ) between the customer and the Enterprise Storage and Backup Group (SBG) to document: The technology services SBG provides to the customer The
More informationUniversity of California Santa Cruz EMERGENCY RESPONSE PLAN
University of California Santa Cruz EMERGENCY RESPONSE PLAN September 2007 University of California, Santa Cruz Page 2 of 11 I. INTRODUCTION... 3 A. Purpose... 3 B. Scope... 3 C. Authority... 3 D. Mission...
More informationSystems Support - Standard
1 General Overview This is a Service Level Agreement ( SLA ) between document: and Enterprise Windows Services to The technology services Enterprise Windows Services provides to the customer The targets
More informationIT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS. Audit Report 11-30 August 12, 2011
IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, CHANNEL ISLANDS Audit Report 11-30 August 12, 2011 Members, Committee on Audit Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationEnterprise UNIX Services - Systems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and Enterprise UNIX Services to document: The technology services Enterprise UNIX Services provides to the customer. The targets for
More informationStrategic Planning Procedure Manual
Strategic Planning Procedure Manual Adopted by the Strategic Planning Committee January 2003; revised December 2007, revised November 2011; revised September 2012; revised October 2014; revised June 2015
More informationHanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness
Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information
More informationInformation Services. Standing Service Level Agreement (SLA) Firewall and VPN Services
Information Services Standing Service Level Agreement (SLA) Firewall and VPN Services Overview This service level agreement (SLA) is between Information Services (IS), and any unit at the University of
More informationOffice of Internal Audit. Activity Report. For the period from August 9, 2014 to October 31, 2014. Internal Audit Team
Activity Report For the period from August 9, 2014 to October 31, 2014 Internal Audit Team Stefanie Powell, CPA, CISA Interim Director Kelly Mintern, CPA, CIA Auditor Cynthia Nickerson, CPA Auditor Taylor
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationInternal Audit Charters
Internal Audit Charters Part of a series of notes to help Centers review their own internal management processes from the point of view of managing risks and promoting good governance and value for money,
More informationPerformance Management Review Process Draft for Management Consultation Review
Draft for Management Consultation Review Policy 505: Performance Management Review Process Policy Category: Professional Development Who Is Covered: All employees whose position is designated to be in
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationFor more information, please visit the IST Service Catalog at http://ist.berkeley.edu/services/is/calweb-iis
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windows Team to document: The technology services the Enterprise Windows Team provides to the customer The targets
More informationOFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SUNGARD TREASURY MANAGEMENT SYSTEM CONTRACT COMPLIANCE FINAL AUDIT REPORT Chief of Audits: Juan R. Perez Senior Audit Manager:
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationJanuary 12, 2016. Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee:
THE UNIVERSITY OF TEXAS SYSTEM AT THE UNIVERSITY OF TEXAS AT DALLAS OFFICE OF INTERNAL AUDIT 800 W. CAMPBELL RD. SPN 32 RICHARDSON, TX 75080 PHONE 972-883-4876 FAX 972-883-6846 January 12, 2016 Dr. Hobson
More informationComparing the UNC System Business Continuity Programs Against Other Universities Both Private and Public BUSINESS CONTINUITY QUESTIONNAIRE
Katina Blue, UNC Pembroke MPA candidate, developed the following questionnaire. Katina is conducting research to study business continuity programs across the United States and to compare and contrast
More informationGovernance Processes and Organizational Structures for Information Management
UNIVERSITY BUSINESS EXECUTIVE ROUNDTABLE Governance Processes and Organizational Structures for Information Management Custom Research Brief Research Associate Lauren Edmonds Research Manager Priya Kumar
More informationNAIT Guidelines. Implementation Date: February 15, 2011 Replaces: July 1, 2008. Table of Contents. Section Description Page
Recommended by Emergency Preparedness Committee: January 26, 2011 Recommended by President s Council: February 11, 2011 Approved by Executive Committee: February 14, 2011 NAIT Guidelines CS1.1 Emergency
More informationCONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT
CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity
More informationAUDIT OF INFORMATION TECHNOLOGY Management (Action Plan) Responses February 2005 # PRIORITY DESCRIPTION MANAGEMENT RESPONSE
AUDIT OF INFORMATION TECHNOLOGY Management (Action Plan) Responses February 2005 # PRIORITY DESCRIPTION MANAGEMENT RESPONSE Ref: Chapter 3.1 GOVERNANCE FRAMEWORK Information Technology Steering Committee
More informationUNIVERSITY OF CALIFORNIA, DAVIS INTERNAL AUDIT SERVICES
, DAVIS INTERNAL AUDIT SERVICES University of California, Davis, Health System Financial Services Payroll Processing Project #09-23 December 2008 Fieldwork Performed by: Amy Holzman, Senior Auditor Dahling
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationPROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management
PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationDepartment of Information Technology Software Change Control Audit - Mainframe Systems Final Report
Department of Information Technology Software Change Control Audit - Mainframe Systems Final Report March 2007 promoting efficient & effective local government Introduction Software change involves modifications
More informationJanuary 25, 2016. Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee:
Office of Internal Audit 800 W. Campbell Rd. SPN 32, Richardson, TX 75080 Phone 972-883-4876 Fax 972-883-6846 January 25, 2016 Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the
More informationIT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010
IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationREPORT NO. 2010-009 AUGUST 2009 SOUTH FLORIDA COMMUNITY COLLEGE. Operational Audit
REPORT NO. 2010-009 AUGUST 2009 SOUTH FLORIDA COMMUNITY COLLEGE Operational Audit For the Fiscal Year Ended June 30, 2009 BOARD OF TRUSTEES AND PRESIDENT Members of the Board of Trustees and President
More informationUNIVERSITY OF NEVADA, LAS VEGAS COLLEGE OF HOTEL ADMINISTRATION Internal Audit Report July 1, 2010 through March 31, 2011
UNIVERSITY OF NEVADA, LAS VEGAS COLLEGE OF HOTEL ADMINISTRATION Internal Audit Report July 1, 2010 through March 31, 2011 GENERAL OVERVIEW The William F. Harrah College of Hotel Administration offers an
More informationApril 2010. promoting efficient & effective local government
Department of Public Works and Environmental Services Department of Information Technology Fairfax Inspections Database Online (FIDO) Application Audit Final Report April 2010 promoting efficient & effective
More informationPerformance Audit Concurrent Review: ERP Pre-Solicitation
Performance Audit Concurrent Review: ERP Pre-Solicitation April 2002 City Auditor s Office City of Kansas City, Missouri 24-2001 April 10, 2002 Honorable Mayor and Members of the City Council: We conducted
More informationIncident Response Team Responsibilities
Scope Any incidents that originate from, are directed towards, or transit Department of Earth and Planetary Sciences controlled computer or network resources will fall under the purview of this Incident
More information2007 Follow-Up Report on the Audit of Information Technology January 2005
2007 Follow-Up Report on the Audit of Information Technology January 2005 Natural Sciences & Engineering Research Council of Canada & Social Sciences & Humanities Research Council of Canada October 2007
More informationRollins College Strategic Marketing Guidelines
Rollins College Strategic Marketing Guidelines Role of the Strategic Marketing Team The Rollins College Strategic Marketing Initiative was designed to provide a substantial means to increase the visibility
More informationDomain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services
Service Level Agreement Page 1 of 7 Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services 1. Agreement This agreement is to define Domain Name Service (DNS) provided
More informationVendor Management. Outsourcing Technology Services
Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring
More informationJuly 2012 Report No. 12-045. An Audit Report on The ReHabWorks System at the Department of Assistive and Rehabilitative Services
John Keel, CPA State Auditor The ReHabWorks System at the Department of Assistive and Rehabilitative Services Report No. 12-045 The ReHabWorks System at the Department of Assistive and Rehabilitative Services
More informationDisaster Recovery Planning Process
Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations
More informationHealthcare Technology Audit Basics. Session Objectives
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More information3/17/2015. Healthcare Technology Audit Basics. Session Objectives. Jennifer McGill, CIA, CISA, CGEIT April 20, 2015
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More informationEPA Non Faculty Salary Structure. Reference Rate Max Job Family Definition
AA 1 Unused ~ Reserved for Future Use I Unused AA 2 Associate Vice Chancellors, Associate Provosts, II $128,100 $204,900 $300,400 Vice Provosts A1 Academic Administration/University Programs I $81,800
More informationIT DISASTER RECOVERY SAN FRANCISCO STATE UNIVERSITY. Audit Report 11-32 August 25, 2011
IT DISASTER RECOVERY SAN FRANCISCO STATE UNIVERSITY Audit Report 11-32 August 25, 2011 Members, Committee on Audit Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven M. Glazer William
More informationDisaster Recovery Planning
Mission Statement To improve the quality of life in Phoenix through efficient delivery of outstanding public services. Disaster Recovery Planning Information Technology Services December 11, 2012 Project
More informationThe R ole of Internal Audit in the Control E nvironment
The R ole of Internal Audit in the Control E nvironment Wanda Lynn Riley Chief Audit Executive Audit and Advisory Services University of California, Berkeley Internal auditing is an independent, objective
More informationDATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, CHICO. Audit Report 12-35 October 19, 2012
DATA CENTER OPERATIONS CALIFORNIA STATE UNIVERSITY, CHICO Audit Report 12-35 October 19, 2012 Henry Mendoza, Chair William Hauck, Vice Chair Lupe C. Garcia Steven M. Glazer Hugo N. Morales Glen O. Toney
More informationDistrict Annual Unit Review
District Annual Unit Review Operations & Information Technology Sean James 2014 2100 Chester Avenue, Bakersfield, CA 93301 Definition of a Support Services Department/Unit For purposes of this planning
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationColumbus City Schools Office of Internal Audit
Information Technology Disaster Recovery Plan Review Report Date: March 24, 2011 Internal Audit Mission Statement To support the overall mission of the Columbus City Schools by providing quality management
More informationUndergraduate Degree Map for Completion in Four Years
Page 1 of 5 Undergraduate Degree Map for Completion in Four Years College: College of Arts and Humanities Department: Arts and Humanities Dean's Office Name of Program: LIBERAL STUDIES Degree Designation:
More informationFAQs Cal State Online
FAQs Cal State Online 1. What is Cal State Online? Cal State Online is a coordinated systemwide collection of services that not only support the delivery of online programs from systemwide campuses but
More informationISO 20000-1:2005 Requirements Summary
Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service
More informationCURRICULUM CHANGE PROCEDURES FOR THE CSUF CATALOG
CURRICULUM CHANGE PROCEDURES FOR THE CSUF CATALOG COURSE AND CURRICULUM CHANGE PROCEDURES: Request for New Undergraduate Course: A request for a new undergraduate course is made through the submission
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationAcademic Policy Series 1622.30. Centers and Institutes
Introduction Centers and Institutes Centers and institutes are important components of the academic, research, and service mission of the University of Arkansas. Centers 1 can traverse the boundaries of
More informationReview of Information Technology s Data System Backup and Disaster Recovery Process Page 2 of 10 September 30, 2013
Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included
More informationMANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION
MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit
More informationESXi Cluster Services - SLA
1 General Overview This is a Service Level Agreement ( SLA ) between the customer and IST Infrastructure Services (IST-IS) to document: The technology services IST-IS provides to the customer The targets
More informationINSTITUTIONAL QUALITY ASSURANCE POLICY
INSTITUTIONAL QUALITY ASSURANCE POLICY Approval: Responsibility: Contact Office: University Senate; Ontario Universities Council on Quality Assurance (Quality Council) Provost and Vice President Academic
More informationUNIVERSITY OF CALIFORNIA Office of Academic Personnel Academic Personnel Manual (APM) Policy Development Process Guide
Overview The at the University of California Office of the President manages the Academic Personnel Manual (APM) policy development process from inception to issuance on behalf of the Provost and Executive
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationEmergency Management Plan 2 0 1 3-2 0 1 4
Emergency Management Plan 2 0 1 3-2 0 1 4 Bedford Campus Lowell Campus Emergency Management Plan 1 Table of Contents Emergency Management Planning................................2 Emergency Management
More informationAdministrative Procedure
Administrative Procedure Number: 707 Effective: 5/13/2011 Supersedes: INTERIM Page: 1 of 11 Subject: RECORDS RETENTION, MANAGEMENT, AND DISPOSITION PROGRAM 1.0. PURPOSE: 1.1. To establish and administer
More informationFINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001
FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems
More informationUniversity of California Regents Policy 7702 Senior Management Group Performance Management Review Process
Senior Management Group Performance Management Review Process Approved July 17, 2008 Amended September 16, 2010 and March 29, 2012 Responsible Officer: Vice President Human Resources Responsible Office:
More informationAudit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member
City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent
More informationFY16 Annual Risk Assessment and Internal Audit Plan
Internal Audit Program Planning Report FY16 Annual Risk Assessment and Internal Audit Plan May 2014 Approved Barry Long, Director Internal Audit & Advisory Services Table of Contents I. SUMMARY... 2 II.
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationIT Contingency Planning: IT Disaster Recovery Planning
IT Contingency : IT Disaster Recovery Introduction CONTINGENCY PLANNING GUIDELINES FOR TABLE-TOP EXERCISE A tabletop exercise is a focused practice activity that places the participants in a simulated
More information2012 Audit Plan. Finance, Audit and Facilities Committee Board of Regents. November 2011 ATTACHMENT
2012 Audit Plan Finance, Audit and Facilities Committee Board of Regents November 2011 ATTACHMENT Table of Contents Executive Summary...1 2012 Audit Plan...2 Analysis of Coverage of University Auditable
More informationNEW YORK STATE RACING AND WAGERING BOARD QUALITY OF INTERNAL CONTROL CERTIFICATION OFFICE OF THE NEW YORK STATE COMPTROLLER
Thomas P. DiNapoli COMPTROLLER OFFICE OF THE NEW YORK STATE COMPTROLLER DIVISION OF STATE GOVERNMENT ACCOUNTABILITY Audit Objective... 2 Audit Results - Summary... 2 Background... 2 Audit Findings... 3
More informationWHERE IS THE DEPARTMENT RIGHT NOW?
STATEMENT OF PATRICIA A. DALTON DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF LABOR BEFORE THE SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS EDUCATION AND THE WORKFORCE COMMITTEE U.S. HOUSE OF REPRESENTATIVES
More informationPlanning/Administrative. Management & Organization. Application Level Accuracy and Completeness. EDI Systems Audit Program
EDI Systems Audit Program A Planning/Administrative 1 Review the Letter of Understanding and create the APM (Audit Planning Memorandum) accordingly. A-1 DB 02/03 2 Gain a high-level understanding of Auditee
More information2) Marshal and leverage available resources (financial or other) to help advance the unit s and University s mission.
Operations Manager Position Architecture Purpose The purpose of the Operations Manager (OM) is to: 1) Ensure that each assigned unit s faculty, students and staff receive high quality administrative support
More informationEQUIPMENT INVENTORY AUDIT MAY 21, 2013. INTERNAL AUDIT DEPARTMENT BOX 19112 ARLINGTON, TX 76019-0112 817-272-0150 www.uta.
EQUIPMENT INVENTORY AUDIT MAY 21, 2013 INTERNAL AUDIT DEPARTMENT BOX 19112 ARLINGTON, TX 76019-0112 817-272-0150 www.uta.edu/internalaudit MEMORANDUM: June 17, 2013 SUBJECT: cc: Dr. Ronald L. Elsenbaumer,
More informationCommunication Plan. Information Technology Services UC Santa Cruz. Updated November 2010 Version 1.4. Author: Lisa Bono
Communication Plan Information Technology Services UC Santa Cruz Updated November 2010 Version 1.4 Author: Lisa Bono Table of Contents TABLE OF CONTENTS... I 1 PURPOSE... 1 2 GOALS AND OBJECTIVES...2 3
More informationBusiness Continuity Plans
Version Number Issue 2 Business Continuity Policy Date Revision Complete Policy Owner Author Reason for Revision Proof Read April 2016 Business Improvement Manager Emma Earle, Business Services Officer
More informationState University System Market Tuition Proposals. 14.3001 14.0901 43.0302 3 Has the program been approved pursuant to Regulation
Market Tuition Proposals University: Florida International University Proposal 1 Proposal 2 Proposal 3 Online Masters of Science in Online Masters of Science in Master of Arts in Engineering Management
More informationSENSITIVE DATA SECURITY AND PROTECTION CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report 11-52 January 3, 2012
SENSITIVE DATA SECURITY AND PROTECTION CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 11-52 January 3, 2012 Henry Mendoza, Chair Melinda Guzman, Vice Chair Margaret Fortune Steven M. Glazer William
More informationTHE UNIVERSITY OF TEXAS AT DALLAS Office of Audit & Compliance 800 West Campbell Rd., ROC 32, RICHARDSON, TX 75080 (972) 883-2233
THE UNIVERSITY OF TEXAS AT DALLAS Office of Audit & Compliance 800 West Campbell Rd., ROC 32, RICHARDSON, TX 75080 (972) 883-2233 April 18, 2014 Dr. Daniel, We have completed an audit over Contracts as
More informationPARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY
PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY CONTENTS INTRODUCTION... 1 PURPOSE... 1 POLICY... 1 DEFINITIONS... 1 RESPONSIBILITY... 1 RELATED DOCUMENTATION...
More informationJacksonville State University All Hazards - Continuity of Operations Plan (COOP)
Jacksonville State University All Hazards - Continuity of Operations Plan (COOP) Instructions: To be better prepared, all JSU departments and units may use this form to complete a Continuity of Operations
More informationAudit Report OFFICE OF INSPECTOR GENERAL. The Farm Credit Administra on s Risk Project A 16 01. Auditor in Charge Tori Kaufman. Issued March 31, 2016
OFFICE OF INSPECTOR GENERAL Audit Report The Farm Credit Administra on s Risk Project A 16 01 Auditor in Charge Tori Kaufman Issued March 31, 2016 FARM CREDIT ADMINISTRATION Farm Credit Administration
More information1.1 Terms of Reference Y P N Comments/Areas for Improvement
1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational
More informationGOALS, ACTION PLANS, ASSESSMENT
2012-13 GOALS, ACTION PLANS, ASSESSMENT Program/Unit/ Area: Information Technology & Institutional Research () Preparer: Bina Isaac Supervisor: Superintendent/President FY 2012/2013 Program Goal Unit Goal
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Corrective Actions to Address the Disaster Recovery Material Weakness Are Being Completed June 27, 2011 Report Number: 2011-20-060 This report has cleared
More informationTHE UNIVERSITY OF TEXAS AT TYLER
THE UNIVERSITY OF TEXAS AT TYLER The University of Texas at Tyler 3900 University Boulevard Tyler, Texas 75799 Table of Contents I. Compliance with House Bill 16.. 2 II. Internal Audit Plan for Fiscal
More informationREPORT TO MANAGEMENT ON REVIEW OF DISASTER RECOVERY PLAN LAMAR INSTITUTE OF TECHNOLOGY
REPORT TO MANAGEMENT ON REVIEW OF DISASTER REOVERY PLAN LAMAR INSTITUTE OF TEHNOLOGY DEEMBER 2002 LAMAR INSTITUTE OF TEHNOLOGY TABLE OF ONTENTS Fiscal Year TABLE OF ONTENTS TRANSMITTAL LETTER...3 EXEUTIVE
More informationCampus Network Planning and Technical Assistance Overview
Campus Network Planning and Technical Assistance Overview WHAT IS THE PURPOSE OF A NETWORK? Networks are part of the California College Pathways (CCP) Initiative s strategy to expand college and career
More information