Information Technology Auditing and Facilitated Control Self-assurance

By Ken Doughty, CISA, CBCP, and John O'Driscoll, CISA, CIA

A fundamental requirement for effective auditing is to provide an opinion to the executive team and the board audit committee on the adequacy of the internal control framework operating within the organisation's information technology and telecommunications (IT&T) environment. This requirement, while ongoing, may have specific meaning at some point, e.g., financial year-end when management is required to sign off on the end of year accounts.

IT auditors have used a range of audit methodologies and techniques to support their audit opinions. This paper will outline an approach recently utilised within a financial services organisation to provide an annual assessment of the IT&T internal control framework. The approach used is based on a set of internationally recognised IT service delivery and support process models called ITIL (Information Technology Infrastructure Library) and relies extensively on the use of control self-assurance (CSA) workshops facilitated by IT audit staff. This approach can be applied with equal success to internal and outsourced IT&T environments.

CSA is a risk management program where risks and controls are examined and assessed to provide reasonable assurance to management that business objectives will be met. IT management and staff involved in the delivery of services and products to an organisation participate in all phases of the process. For CSA to be effective it must have support from IT&T management and staff.
The strengths of this approach are that it:
- Engages stakeholders in the review process
- Provides an end-to-end process perspective
- Increases participants' knowledge and understanding of their processes and potential risk exposure
- Provides process participants with an opportunity to air common concerns and participate in process improvement

Preparation

Training and ITIL Certification

A certified ITIL trainer presents a three-day in-house training program on ITIL. The training participants include all internal IT auditors and representatives from the organisation's external auditors, IT department and IT&T service providers. The training program also incorporates a number of team-building activities. At the end of the three-day training program, all the attendees have completed the ITIL Foundation Level Certification examination.

The main reason for inviting representatives outside of the organisation's IT audit department is to establish and maintain an open and trusted relationship with all stakeholders. Further, it helps gain acceptance of the new approach being adopted.

Senior Buy-in

A number of presentations are made to senior management within the organisation and the IT&T service providers to explain the purpose and approach and gain their acceptance. A brochure to aid the communication on the purpose and context of the process is prepared and distributed to all key stakeholders.

ITIL Processes

The IT&T environment covers a large range of processes that deliver services and products to the organisation. To ensure there is effective coverage of the IT&T environment in using FCSA (facilitated control self-assurance), the auditor utilises a best practice IT framework with defined supporting processes. One such framework with well-defined supporting processes is ITIL, a series of best practice guidelines in IT management.
Developed in the late 1980s when IT professionals gathered to develop a comprehensive life cycle for all areas of IT service management, it created a common set of terminology for the IT team to put services into business terms and align them with key objectives. This nonproprietary framework consists of a number of interrelated processes that provide an end-to-end perspective to IT&T service provision, with the aim to drive continuous improvement. Today, many industry leaders recognise ITIL as the de facto world standard in IT service management.

Service management is defined by ITIL as the process of maintaining and gradually improving business-aligned IT service quality, through the constant cycle of agreeing, monitoring, reporting and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service.

Since the mid-1990s, ITIL has had a proven track record with corporations and governments worldwide, such as Microsoft, Procter & Gamble, AXA and ABN AMRO. The benefits of using ITIL include:
- IT services meeting business requirements, i.e., the IT effort is focused on assisting the organisation achieve its strategic objectives
- Improved efficiency and quality of service delivery
- Clear understanding of service delivery and support priorities
- Improved relationship among customers, IT and vendors
- Improved lines of communication between IT and its customers
- Monitoring of service delivery which facilitates the identification of areas of process weakness

ITIL is particularly effective in an outsourcing environment, where a business relationship between IT&T supplier(s) and customers aims to provide an optimal balance between high-quality services and controlled costs.

Figure 1 indicates the interrelationships among service delivery, service support, application management, infrastructure management and the business perspective.

[Figure 1: The ITIL Jigsaw]

The ITIL service delivery process model is set out in figure 2 and further description of each component is included in table 1.

[Figure 2: ITIL Service Delivery Process Model. Elements: The Organisation, Customers and Users; Service Level; Availability; Capacity; Financial; IT Service Continuity]

Table 1 (ITIL Component: Goal)
- Service level management: To maintain and gradually improve business-aligned IT service quality through a constant cycle of agreeing, monitoring, reporting and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service
- Availability management: To optimise the capability of IT infrastructure and supporting organisation to deliver a cost-effective and sustained level of availability that enables the business to satisfy its objectives
- Capacity management: To understand the future business requirements (the required service delivery), the organisation's operation (the current service delivery), the IT infrastructure (the means of service delivery), and ensure that all current and future capacity and performance aspects of the business requirements are provided cost-effectively
- Financial management for IT services: To provide cost-effective stewardship of the IT assets and the financial resources used in providing IT services
- IT service continuity management: To support the overall business continuity management process by ensuring that the required IT technical and services facilities can be recovered within required and agreed business time-scales

Figure 3 describes the ITIL service support process model. Each component is broken down in table 2.

[Figure 3: ITIL Service Support Process Model. Elements: The Organisation, Customers and Users; Incident; Problem; Change; Release; Configuration]
Table 2 (ITIL Component: Goal)
- Incident management: To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained
- Problem management: To minimise the adverse effect on the business of incidents and problems caused by errors in the infrastructure, and to proactively prevent the occurrence of incidents, problems and errors
- Change management: To ensure that standardised methods and procedures are used for efficient and prompt handling of all changes, to minimise the impact of any related incidents upon service
- Release management: To take a holistic view of change to an IT service and ensure that all aspects of a release, both technical and nontechnical, are considered together
- Configuration management: To provide a logical model of the IT infrastructure by identifying, controlling, maintaining and verifying the versions of all configuration items in existence

There are two other critical supporting processes to the ITIL service management model that the auditor needs to be aware of when using ITIL as the best practice IT management framework: service desk and security (table 3).

Table 3 (ITIL Component: Goal)
- Service desk: To act as the central point of contact between the user and IT service management; to handle incidents and requests and provide an interface for other activities such as change, problem, configuration, release, service level, and IT service continuity management
- Security: To manage the defined level of security on information and IT services

FCSA Workshops

Facilitated CSA workshops are conducted by the auditor to assist IT&T management and staff in identifying risks, assessing the control environment and developing a service improvement plan (SIP) to mitigate the risks.

Structure

To facilitate workshop participation and outcomes, the participants should receive a handout describing the FCSA process (figure 4) including the tools being used in the workshop. This information is important, as it will assist in alleviating any misconception the workshop participants may have about the workshops and its outcomes.

[Figure 4: Overview of FCSA Process. Boxes: Develop process control statements; Workshop participants' response to statements; Identify control risks; Process risk and control profile; Develop service improvement plan; Self-assurance; Confirm control effectiveness; Report results]

It is important to remember that the workshops should be structured to include:
- An introduction (overview of workshop process, tools and a clearly defined purpose and context)
- A description of the IT&T process to be covered
- A description of the process (e.g., problem management) to capture responses from participants (i.e., information)
- Feedback (i.e., outcomes)
- The way forward

Experience shows that:
- The workshop duration should not be more than two hours, as it requires a large amount of concentration by participants.
- The number of workshop participants should be between five and nine.
- Statements should be limited to a maximum of 25.
- The workshop should be held in a closed room to minimise disruptions.

Participants

It is important that the appropriate participants are selected to attend all workshops. The participants should include IT&T management and staff, including the IT&T department managers and senior/experienced staff members who are involved in the delivery of services and products to the organisation. It is critical that they know their processes and are empowered to implement the appropriate controls.

The IT&T department managers are selected, as they are the process owners. They have the accountability for managing the IT&T risks on a day-to-day basis.
They must take ownership of the information technology risk and control processes and proactively manage these over time.

Statements and Assessment Criteria

One of the critical parts of the FCSA is developing the statements to be asked of the workshop participants for response. The statements are developed using information technology best practice standards for service delivery and support. Up to 25 statements per process form the basis of the FCSA workshops. Individual workshop participants are asked to respond to each statement using the following seven-point scale:
- Strongly disagree
- Slightly disagree
- Neither agree nor disagree
- Slightly agree
- Strongly agree

In particular, the answers from participants should elicit discussion based upon their knowledge of and experience with the processes. An example of a statement in relation to problem management is: "There are clear criteria for prioritising a problem."

Tool (Optional)

In this approach, an anonymous voting tool is used during each workshop. Each participant uses a separate keypad to vote on each statement. A bar chart analysis of all responses is displayed after each statement. This promotes open discussion and drives suggestions for process improvement. The outcome of the discussion, i.e., the process risk and control issues, is clearly identified and recorded.

Facilitator

It is essential that the workshop facilitator is an experienced IT audit practitioner with strong communication skills. The quality of information collected in the workshops is dependent upon the facilitator gaining the participants' confidence in their ability to manage the workshop. Further, the facilitator will be required to clarify and elicit additional information as needed, based upon the participants' responses to the statements.

Deliverables

Documentation

Each workshop requires a resource to document the risk and control issues from the discussions based upon the participants' responses to the statements. It is important that the resource also is an experienced IT audit practitioner, as this person will assist and support the workshop facilitator in seeking clarification of responses that may otherwise have been either misunderstood or not clearly enunciated.

From the responses collected for each workshop, a detailed worksheet is prepared. The worksheet details the following information:
- Participants' names, job titles and contact details (this will facilitate follow-up)
- Responses to each statement (option finder)
- Risk and control issues discussed
- Analysis of responses (detailed information of process control issues)

Figure 5

Response: Strongly 2; 2; Slightly 1; Neither nor; Slightly; Strongly 0. Total no. of responses: 8

Control issues (details from participants in support of their responses):
- Miscategorisation of severity level by help desk staff
- Severity levels definitions are too broad
- Severity levels definitions are too loosely applied
- Customers insist on making all issues a severity level 1

Improvement (recommendations to address issues):
- Help desk staff to receive greater training to meet operational requirements
- Existing severity level definitions to be reviewed and revised where appropriate
- Guidelines for the application of severity levels to be developed, documented and training given to staff on application
- Communications plan to be developed to educate users on severity levels

Figure 5 is an example of a workshop worksheet with a participant's response to a specific statement in relation to problem management. The statement used for the example is "There are clear criteria for prioritising a problem."

Audit Testing

If evidence is required to support the workshop outcomes, then audit testing may be performed, particularly where the radar map (refer to the section of this article) indicates that the IT&T service provider exceeds the benchmark. The extent and type of testing performed, i.e., compliance and/or substantive, are dependent upon the level of comfort required to support the workshop outcomes. Experience has shown that if the IT&T service provider has failed to meet or exceed the benchmark, then additional evidence to support the workshop outcome is not required.

Action Plans

Action plans are developed based on the outcome of each workshop. It is essential that these plans are agreed upon and accepted by the appropriate parties. Figure 6 indicates the process model utilised in the FCSA.

[Figure 6: FCSA and SIP process model. Parties: Audit; IT Provider; Executive. Steps: Documentation of control issues; Determine if testing required; Prepare recommendations for improvement; Review docs for accuracy and completeness; Response to recommendations; Review response and prepare Improvement Plan (SIP) and Audit Report; Review and approve for issue]

Figure 7: Service Improvement Plan

Process: Problem

Impact: H = High, M = Medium, L = Low

1. Control/Issue: Miscategorisation of severity level by help desk staff. Impact: H. Improvement action: Help desk staff are to receive additional training to meet operational requirements. Target date: 30 June.
2. Control/Issue: Severity level definitions are too broad. Impact: M. Improvement action: Existing severity level definitions are to be reviewed and revised where appropriate. Target date: 1 May.
3. Control/Issue: Severity level definitions are too loosely applied. Impact: H. Improvement action: Guidelines for the application of severity levels are to be developed, documented and training given to staff on application. Target date: 30 June.
4. Control/Issue: Customers insist on making all issues a severity level 1. Impact: L. Improvement action: A communications plan is to be developed to educate users on severity levels. Target date: 1 May.

Service Improvement Plan

A service improvement plan (SIP) provides the necessary details upon which the IT&T service provider can act. It provides details of the control issue and the agreed-upon action to be taken to address the issue and names the designate who has responsibility for implementing the agreed action and the target date for implementation (see figure 7).

After working through the control issues and responses with the IT&T service provider, a report is prepared. A radar map is used in the executive summary to assist executive management to gain an understanding of the issues without having to read all the detail that supports the auditor's opinion. A radar map provides a high-level overview assessment of the results of FCSA.

Figure 8: Audit Rating Scale (Rating: Description)
- 5, Unsatisfactory: The auditable activity was not in compliance with policies, systems and procedures. Major risks were identified that have adversely impacted the auditable activity's contribution to the organisation's strategies.
- 4, Needs improvement: The auditable activity was not always in compliance with policies, systems, and procedures. Major risks were identified which adversely impact or are likely to adversely impact the auditable activity's contribution to the organisation's core strategies.
- 3, Average: The auditable activity was generally in compliance with policies, systems, and procedures. Some control deficiencies were identified that, if not promptly corrected, may lead to major risks adversely impacting the auditable activity's contribution to the organisation's core strategies.
- 2, Good: The auditable activity was in compliance with policies, systems, and procedures. Some control deficiencies were identified but these did not/are not expected to lead to major risks or adversely impact the auditable activity's contribution to the organisation's core strategies.
- 1, Commendable: The auditable activity has achieved its goals and objectives. The auditable activity was in compliance with policies, systems, and procedures. No control deficiencies that would hinder the attainment of goals and objectives of the organisation were identified.

The workshop results are converted into a standard five-point audit scale to provide consistency for all audit reports within the organisation (see figure 8).

The following is a hypothetical example of what can be expected from this type of review. An arbitrary audit rating benchmark is set, say 2.5. The radar map indicates where the IT&T service provider's performance is for each ITIL process. Two colours are used to indicate performance. Green means it meets or exceeds benchmark, and red means it failed to meet or achieve the benchmark. Figure 9 indicates that two processes exceeded the benchmark and identifies a number of processes that require further remediation or improvement to achieve or exceed the benchmark.

[Figure 9: Internal Control Framework Assessment (radar map). Axes: Service Delivery Processes (Service Level, Availability, Capacity, Financial, Continuity); Service Support Processes (Incident, Problem, Change, Release, Configuration); Security. Legend: Areas of Risk; Exceeded Benchmark]

Conclusion

The use of FCSA workshops with an industry-recognised IT best practice process model provides a valid assessment of the internal control framework of the IT&T environment which meets the demands of the organisation's senior executives. The experience of using FCSA for IT auditing that was documented in this article has resulted in a saving of more than 35 percent in resources and time for this type of audit compared to a traditional approach. While this is impressive, the biggest benefit resulted from the enthusiastic acceptance of the approach by the organisation's IT&T service providers and key stakeholders. Commitment to resolving control deficiencies and implementing process improvement has been outstanding at the workshop participant and senior management level.

Some of the comments the organisation has received regarding the use of this approach include:
- The processes and tools used encouraged transparency, collaboration and contribution from all parts of the organisation involved.
- The report and related documents are of excellent quality and easily provide a basis for our organisation to progress with improving critical areas and there were many areas identified that span the end-to-end service delivery process.

Everyone involved in the review has been very positive about the approach used, and the value of the outcomes. This approach should be considered as a key strategy in the delivery of IT audit services to an organisation.

Ken Doughty, CISA, CBCP, is executive audit manager, IT&T Commonwealth Bank Group. He has more than 20 years' IS audit experience with more than 10 years' business continuity experience in the public and private sectors. He speaks regularly at seminars and conferences in Australia and internationally. He also has published papers on IS auditing and business continuity in Australia and the US. He can be reached at doughtke@cba.com.au.

John O'Driscoll, CISA, CIA, is executive audit manager, IT&T Commonwealth Bank Group. He has more than 15 years' IS audit experience in the public and private sectors. He regularly speaks at security and IS audit seminars and conferences and presents training courses on behalf of ISACA and IIA Sydney chapters. He can be reached at john.odriscoll@cba.com.au.

Copyright K. Doughty, J. O'Driscoll 2002
More information7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers
Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4
More informationINFORMATION TECHNOLOGY FLASH REPORT
INFORMATION TECHNOLOGY FLASH REPORT ISACA Releases COBIT 5: Updated Framework for the Governance and Management of IT May 18, 2012 In April, ISACA released COBIT 5 as a replacement for its current globally
More informationG11 EFFECT OF PERVASIVE IS CONTROLS
IS AUDITING GUIDELINE G11 EFFECT OF PERVASIVE IS CONTROLS The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically
More informationImplementing ISO 9001
If you are faced with implementing ISO 9001, or anticipate it may soon become a requirement for your organization, keep reading. This article identifies reasons to implement the standard, summarizes its
More informationAsset Management Systems Scheme (AMS Scheme)
Joint Accreditation System of Australia and New Zealand Scheme (AMS Scheme) Requirements for bodies providing audit and certification of 13 April 2015 Authority to Issue Dr James Galloway Chief Executive
More informationPerformance Management Rating Scales
Performance Management Rating Scales When looking at Performance Management, a 5 point rating scale is the most common. A CIPD report suggests that: 47% of companies use 5 point scale 28% of companies
More informationClarity Assurance allows operators to monitor and manage the availability and quality of their network and services
Clarity Assurance allows operators to monitor and manage the availability and quality of their network and services clarity.com The only way we can offer World Class Infocomm service is through total automation
More informationFollowing up recommendations/management actions
09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and
More informationBCS Specialist Certificate in Service Desk & Incident Management Syllabus
BCS Specialist Certificate in Service Desk & Incident Management Syllabus Version 1.8 March 2015 BCS Specialist Certificate in Service Desk & Incident Management Syllabus Contents Change History... 2 Rationale...
More informationUMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY Originator IT Change Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director
More informationA shift in responsibility. More parties involved Integration with other systems. 2
EFFECTIVE SERVICE RELATIONSHIP MANAGEMENT ALSO INCLUES THE FOLLOWING ACTIVITIES: Today, organizations frequently elect to have certain services be provided by service vendors, also referred to as service
More informationTechnology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
More informationTAXREP 01/16 (ICAEW REP 02/16)
TAXREP 01/16 (ICAEW REP 02/16) January 2016 ICAEW research survey: HMRC Customer Service Standards 2015 Results of the ICAEW 2015 research survey among ICAEW smaller agents about HMRC service standards.
More informationManagement of Information Systems. Certification of Secure Systems and Processes
Management of Information Systems Certification of Secure Systems and Processes Information Security Management System (ISMS) ISO 27001 Protecting valuable information Information is an asset whose loss,
More informationILM Level 3 Certificate in Using Active Operations Management in the Workplace (QCF)
PAGE 1 ILM Level 3 Certificate in Using Active Operations Management in the Workplace (QCF) CONTENTS Qualification Overview: ILM Level 5 Award, Certificate and Diploma in Management APPENDICES Appendix
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationBCS Specialist Certificate in Change Management Syllabus
BCS Specialist Certificate in Change Management Syllabus Version 1.9 March 2015 BCS Specialist Certificate in Change Management Syllabus Contents Change History... 2 Rationale... 3 Aims and Objectives...
More informationGeoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com
COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.
More informationService Support. 2005 Kasse Initiatives, LLC. ITIL Configuration Management - 1. version 2.0
Service Support Configuration Management ITIL Configuration Management - 1 Goals of Configuration Management The goals of Configuration Management are to: Account for all the IT assets and configurations
More informationITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting
ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting Date November 2011 Company UXC Consulting Version Version 1.5 Contact info@uxcconsulting.com.au http://www.uxcconsulting.com.au This summary
More informationProject Knowledge Areas
From Houston S: The Project Manager s Guide to Health Information Technology Implementation. Chicago: HIMSS; 2011; pp 27 39. This book is available on the HIMSS online bookstore at www. himss.org/store.
More informationIS AUDITING PROCEDURE CONTROL RISK SELF-ASSESSMENT (CRSA) DOCUMENT P5
IS AUDITING PROCEDURE CONTROL RISK SELF-ASSESSMENT (CRSA) DOCUMENT P5 Introduction The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards
More informationABC Organisation 360 Feedback Report Andrew Other
ABC Organisation Andrew Other Prepared By: Kiddy International Ltd. www.kiddyinternational.com Tel: +442078638877 Report Purpose This contains the results of questionnaires on the individual, completed
More informationSafety Management Systems (SMS) guidance for organisations
Safety and Airspace Regulation Group Safety Management Systems (SMS) guidance for organisations CAP 795 Published by the Civil Aviation Authority, 2014 Civil Aviation Authority, CAA House, 45-59 Kingsway,
More informationChange Management Practitioner Competencies
1 change-management-institute.com Change Management Institute 2008 Reviewed 2010, 2012 Change Management Practitioner Competencies The Change Management Practitioner competency model sets an independent
More informationDPC - Strategy and Project Delivery Unit Project Management Methodology. Updated April 2010
DPC - Strategy and Project Delivery Unit Project Management Methodology Updated April 2010 This project management methodology is designed to help SPDU staff to plan, manage and measure a successful project
More informationTable of Contents: Chapter 2 Internal Control
Table of Contents: Chapter 2 Chapter 2... 2 2.1 Establishing an Effective System... 2 2.1.1 Sample Plan Elements... 5 2.1.2 Limitations of... 7 2.2 Approvals... 7 2.3 PCard... 7 2.4 Payroll... 7 2.5 Reconciliation
More informationPosition Description
Position Description Job title Group Section Responsible to Responsibility for staff Project Coordinator Natural Resource Operations Rotorua Lakes Protection & Restoration Programme Rotorua Lakes Business
More informationRegulatory Information and Data Quality Assurance Policy
ISSUE 1.0 Page 1 of 7 Regulatory Information and Data Quality Assurance Policy Contents Policy Scope Responsibility for Data Quality and Assurance Reference Documents The Data Quality Assurance Process
More informationBusiness Intelligence Analyst. Business Intelligence Manager (BIM) 1028 Heslerton Road, Dunsandel, Canterbury
Position Reports to Business Intelligence Analyst Business Intelligence Manager (BIM) Company Synlait Milk Ltd Date: February 2013 Location 1028 Heslerton Road, Dunsandel, Canterbury Purpose Support Synlait
More informationITIL AND COBIT EXPLAINED
ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison
More informationIntroduction. What is ITIL? Automation Centre. Tracker Suite and ITIL
1 Introduction The Information Technology Infrastructure Library (ITIL) aims to improve the management of IT services within the organization, for lowered costs, improved efficiency and productivity. But
More informationAchieve. Performance objectives
Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationMaster Level Competency Model
Change Manager Master Level Competency Model The Change Manager Master competency model sets an independent industry benchmark for SENIOR level change management practitioners. The model was launched in
More informationPractitioner Certificate Software Asset Management Syllabus. Version 2.0
Practitioner Certificate Software Asset Management Syllabus Version 2.0 June 2010 Practitioner Certificate in Software Asset Management The ISEB Practitioner Certificate in Software Asset Management (SAM)
More informationInternal Audit Manual
Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors
More informationFrameworks for IT Management
Frameworks for IT Management Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.net 18 ITIL - the IT Infrastructure
More informationCENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT
Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning
More informationService Integration &
This is a DRAFT document, being published for review & comment The content is therefore subject to change & revision This document is part of the XGOV Strategic SIAM reference set Service Integration &
More informationThe integrated leadership system. ILS support tools. Leadership pathway: Individual profile EL1
The integrated leadership system ILS support tools Leadership pathway: Individual profile Executive Level 1 profile Shapes strategic thinking Achieves results Cultivates productive working relationships
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationWith Windows, Web and Mobile clients Richmond SupportDesk is accessible to Service Desk operators wherever they are.
Richmond Systems Richmond Systems is a leading provider of software solutions enabling organisations to implement enterprise wide, best practice, IT Service Management. Richmond SupportDesk is currently
More informationPREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK
MAXIMIZE PERFORMANCE AND REDUCE RISK 1 BROCHURE COMPLEXITIES IN MISSION CRITICAL SYSTEMS CONTINUE TO INCREASE Mission critical communications systems have become increasingly complex as more features and
More informationWHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101
WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101 Prepared by: Phillip Bailey, Service Management Consultant Steve Ingall, Head of Service Management Consultancy 60 Lombard Street London EC3V 9EA
More informationTransition and Transformation. Transitioning services with minimal risk
IBM Global TECHNOLOGY Servicess and Transformation ing services with minimal risk Summary To transition services is a complex process involving many issues. When outsourcing to IBM, you gain the benefit
More informationASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES
ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND
More informationThe Asset Management Landscape
The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces
More informationIS Audit and Assurance Guideline 2402 Follow-up Activities
IS Audit and Assurance Guideline 2402 Activities The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...
More informationHow To Manage A Patch Management Process
PATCH MANAGEMENT: CHANGE, CONFIGURATION AND RELEASE OR SOMETHING MORE? By Grant Adams Principal Consultant Fox IT March 2007 Fox IT 2007 Page 1 of 6 PATCH MANAGEMENT Ask many IT Managers what Patch Management
More informationManaged Services INFRASTRUCTURE DESKTOP SUPPORT DATA SECURITY PROCESS MANAGEMENT CLOUD APPLICATION MANAGEMENT STRATEGIC ADVICE
Managed Services INFRASTRUCTURE DESKTOP SUPPORT DATA SECURITY PROCESS MANAGEMENT CLOUD APPLICATION MANAGEMENT STRATEGIC ADVICE At AVC, we believe ICT has the power to transform the way you do business.
More informationITIL Introducing service design
ITIL Introducing service design The objectives of service design The main objective of the service design stage can be defined as: The design of appropriate and innovative IT services, including their
More informationService Management. A framework for providing worlds class IT services
Service Management A framework for providing worlds class IT services Barry Corless MISM Slide - 1 Copyright Remarc Technologies Ltd, 2007 These course notes were produced by Remarc Service Management,
More informationNOTTINGHAMSHIRE OFFICE OF THE POLICE AND CRIME JOB DESCRIPTION. Project Manager ECINS Development and Implementation 1 year project
NOTTINGHAMSHIRE OFFICE OF THE POLICE AND CRIME JOB DESCRIPTION Job title: Department/Location: Responsible to: Manager Responsible for: Project Manager ECINS Development and Implementation 1 year project
More information-Blue Print- The Quality Approach towards IT Service Management
-Blue Print- The Quality Approach towards IT Service Management The Qualification and Certification Program in IT Service Management according to ISO/IEC 20000 TÜV SÜD Akademie GmbH Certification Body
More information