Dacorum Borough Council Final Internal Audit Report

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Dacorum Borough Council Final Internal Audit Report"

Transcription

1 Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service Support Manager Key dates: Date of fieldwork: December 2010 Date of draft report: March 2011 Receipt of responses: April 2011 Date of final report: April 2011 This report has been prepared on the basis of the limitations set out in Appendix C. This report and the work connected therewith are subject to the Terms and Conditions of the Contract between Dacorum Borough Council and Deloitte & Touche Public Sector Internal Audit Limited. The report is produced solely for the use of Dacorum Borough Council. Its contents should not be quoted or referred to in whole or in part without our prior written consent except as required by law. Deloitte & Touche Public Sector Internal Audit Limited will accept no responsibility to any third party, as the report has not been prepared, and is not intended for any other purpose. 1

2 Contents 1. EXECUTIVE SUMMARY 3 2. SCOPE OF ASSIGNMENT 5 3. ASSESSMENT OF CONTROL ENVIRONMENT 6 4. OBSERVATIONS AND RECOMMENDATIONS 7 Recommendation 1: Change Management Procedures (Priority 2) 7 Recommendation 2: Documentation of Changes (Priority 2) 8 Recommendation 3: User Requirements Analysis (Priority 2) 9 Recommendation 4: Compatibility of Systems (Priority 2) 10 Recommendation 5: Roll Back and Fault Logging Procedures (Priority 2) 11 Recommendation 6: System Testing (Priority 2) 12 Recommendation 7: Third Party Access (Priority 2) 13 Recommendation 8: Hardware Changes (Priority 2) 14 Recommendation 9: Hardware Inventory (Priority 2) 15 APPENDIX A REPORTING DEFINITIONS 16 APPENDIX B STAFF INTERVIEWED 17 APPENDIX C - STATEMENT OF RESPONSIBILITY 18 2

3 1. Executive summary 1.1. Background This audit forms part of the agreed 2010/11 Internal Audit Plan with Dacorum Borough Council. ICT Change Management is the controlled process for managing system changes within ICT to help ensure that changes are formally evaluated, tested and implemented in a controlled manner to assist in changes being applied in a consistent manner across IT systems. This helps to ensure that risks relating to system changes are mitigated to avoid conflict occurring with the existing IT environment. The Support Works system is currently used by ICT to log and manage changes to systems within the Council, this can include routine patch updates to changes in functionality of key Council service applications. The system has recently been implemented and has been used since June 2010 and replaced the previous system called Magic. The Information, Security and Standards Officer and the Service Support Manager have the responsibility for managing and approving any changes that are requested Objectives and Scope The overall objective of this audit was to assess whether the Council s systems of internal control over ICT Change Management support the control objectives set out in section 2.3. In summary, the scope covered Change Management Processes, Software Changes, Hardware Changes, Asset Management and User Management. Further detail on the scope of the audit is provided in Section 2 of the report Summary assessment Our audit of DBC s internal controls operating over ICT Change Management found that whilst there are weaknesses in design which may place some of the system objectives at risk. Our assessment in terms of the design of, and compliance with, the system of internal control covered is set out below. Evaluation Assessment Limited Testing Assessment Limited Management should be aware that our internal audit work was performed according to UK Government Internal Audit Standards which are different from audits performed in accordance with International Standards on Auditing (UK and Ireland) issued by the Auditing Practices Board. Similarly, the assessment gradings provided in our internal audit report are not comparable with the International Standard on Assurance Engagements (ISAE 3000) issued by the International Audit and Assurance Standards Board. The classifications of our audit assessments and priority ratings definitions for our recommendations are set out in more detail in Appendix A, whilst further analysis of the control environment for Data Protection and Freedom of Information is shown in Section 3. 3

4 1.4. Key findings We have raised nine priority 2 recommendations where we believe there is scope for improvement within the control environment. These are summarised below: Comprehensive change management procedures covering the management of all ICT changes have not been established. Sample audit testing identified that not all changes are documented, authorised and appropriately prioritised. A formal review of all changes that have been performed is also not carried out. Not all software changes are supported by documentation pertaining to the user requirements of the change or a business case. System compatibility is not always checked prior to implementing changes to systems. Although system snap shots are taken before changes are implemented, the need for formal Rollback Plans are not always documented and the snap shots of systems are not always retained. Audit testing identified that fault logs for system changes are not always documented. There was no evidence to confirm that system testing is undertaken prior to a change being fully implemented and closed on the system. There are currently no processes for third parties to obtain access to Council systems. Remote access requests are not always formally completed and approved. Hardware compatibility and installation is not formally checked as part of the change management process. Although hardware performance is logged, it is not always reported and monitored within the quarterly performance reports. There was no evidence to confirm that adequate support arrangements are in place to govern the support and maintenance of hardware assets. Although a PC and Server inventory is maintained, other items of hardware are not recorded on the inventory. Full details of the audit findings and recommendations are shown in Section 4 of the report Management Response We have included a summary of the management responses in our Final report. We would like to take this opportunity to thank all staff involved for their time and co-operation during the course of this audit. 4

5 2. Scope of assignment 2.1 Objective The overall objective of this audit was to assess whether DBC s systems of internal control over ICT Change Management support the control objectives set out in section Approach and methodology The following procedures were adopted to identify and assess risks and controls and thus enable us to recommend control improvements: discussions with key members of staff to ascertain the nature of the systems in operation; evaluation of the current systems of internal control through walk-through and other non statistical sample testing; identification of control weaknesses and potential process improvement opportunities; discussion of our findings with management and further development of our recommendations; and preparation and agreement of a draft report with the process owner. 2.3 Areas covered In accordance with our agreed terms of reference, our work was undertaken to cover the following system control objectives: Change Management Processes Change management procedures have been documented and the changes are handled appropriately. Software Changes Controls are in place over software change management environment. Hardware Changes Controls are in place over hardware change management environment. Asset Management Council assets are managed appropriately and unwanted hardware is disposed securely. User Management Council users are managed appropriately and are subject to the change management protocol. 5

6 3. Assessment of Control Environment The following table sets out in summary the control objectives we have covered as part of this audit, our assessment of risk based on the adequacy of controls in place, the effectiveness of the controls tested and any resultant recommendations. Control Objectives Assessed Design of Controls Operation of Controls Recommendations Raised Change Management Processes Software Changes Recommendation 1 and 2 Recommendation 3 Hardware Changes Recommendation 4, 5 and 6 Asset Management Recommendation 8 and 9 User Management Recommendation 7 The classifications of our assessment of risk for the design and operation of controls are set out in more detail in Appendix A. 6

7 4. Observations and Recommendations Recommendation 1: Change Management Procedures (Priority 2) Recommendation Management should ensure that a comprehensive change management procedure is documented to outline all stages of the change management process. The procedure should contain information regarding the processes and responsibilities for change identification, the approval process and the emergency change process. Observation Creating comprehensive change management procedures helps to ensure that staff are fully aware of the change management process. This also provides guidance on how change management should be implemented within the Council and defines the expected standards on how IT change should be implemented. A change management flow chart and user guide were provided which shows some of the steps required to be followed for managing ICT changes, however, they did not contain details about how changes are identified, who can approve changes, the staff that have overall responsibility for change management and how emergency changes are managed and approved. Where change management procedures are not in place, there is an increased risk that changes to the ICT Infrastructure is not managed according to a specified process and that changes may not be adequately tested or authorised prior to implementation. Responsibility Change Process owner Management response / deadline Accepted: We will review the documentation currently in place on the Change Management Process. Changes to the documentation will be made in line with this recommendation, ensuring responsibilities and approval process are clear as well as how the emergency change process will work and when the emergency process can be used. This will be completed in July

8 Recommendation 2: Documentation of Changes (Priority 2) Recommendation Management should ensure all changes are appropriately documented, authorised and prioritised. A formal review of all changes should also take place before the change is closed on the system. This should be documented and retained for future reference. Observation Documenting, approving and prioritising changes helps to ensure that the change has followed established practices, is valid and is adequately handled. Management review of the change helps to confirm that this has been completed as required. From a sample of 10 hardware and software changes tested, it was identified that three out of 10 changes had been documented; Seven out of 10 changes had been approved; and eight of out 10 had a priority assigned. Out of the 10 changes, three required dual key approval due to the new process introduced, however, it was not evident that the three changes had been approved by two officers. Audit were informed that changes are reviewed before they are closed, however, there was no evidence to confirm this had been undertaken for the sample of 10 changes tested. Where changes are not documented, approved, prioritised and reviewed, there is an increased risk that inappropriate changes are implemented. There is also a risk of ineffective implementation leading to the need for further changes to rectify initially poorly specified changes. Responsibility ICT Service Manager Management response / deadline Accepted: During the review of the Change Management process a new way of working will be implemented ensuring more control around authorisation and prioritisation will. All Changes will also require clear documentation. Formal reviews will be made on all medium and large scale changes. On small scale changes reviews will be made on more business critical changes only. July

9 Recommendation 3: User Requirements Analysis (Priority 2) Recommendation Management should ensure a user requirements analysis is performed prior to the development of or procurement of a system or software. This should be documented and retained as part of the change management process. Observation Undertaking a requirements analysis helps to ensure user needs are identified prior to the change being implemented. Audit could not obtain evidence that a user requirements analysis or a reason for the change was submitted for the sample of 10 changes tested. Where user requirements are not identified there is an increased risk that the changes implemented do not fulfil user requirements and their business needs. Responsibility ICT Service Managers Management response / deadline Accepted: All projects or significant changes involving ICT will need to have clear business cases stating the reason for change and the expected outcome. If the business case is progressed this document will be made as part of the Change Documentation. June

10 Recommendation 4: Compatibility of Systems (Priority 2) Recommendation Management should ensure that the compatibility of new systems and software is formally documented with the Council s existing IT environment prior to a change being approved for implementation. This should form a standard check on the change control template to ensure conflicting changes with the existing environment are not implemented. Observation Checking the compatibility of systems helps to ensure the software is able to operate effectively within the Council s IT environment. Audit were informed that the compatibility of systems is checked prior to approving a change, however, we could not obtain any formal evidence to confirm that this was the case. Where compatibility of a change with existing systems is not checked, there is an increased risk that inappropriate system changes or purchases are made. Where this is not tested or evaluated, it could lead to changes that are implemented having a detrimental effect on the Council s existing IT infrastructure. Responsibility ICT Service Managers Management response / deadline Accepted: Although I have not been aware that we implement products that are incompatible a formal documentation of this will be made as part of the Change Control. June

11 Recommendation 5: Roll Back and Fault Logging Procedures (Priority 2) Recommendation Management should ensure that roll back plans are documented for all approved changes. These should be supported by before and after images of changes to master data. Additionally, processes should be in place and communicated to all users to log faults that have been identified within a system with the Helpdesk. Observation Documenting of roll back plans helps to ensure that changes that do not achieve the anticipated benefits in the live environment can be reversed to restore the IT environment back to its original state. The retention of before and after images helps to provide assurance that the requested change has been performed as requested. The logging and monitoring of faults assists in the identification of areas where changes may be needed to existing implemented changes. Audit were informed that snap shots are taken before changes are implemented to help ensure the application can be rolled back if required. However, formal roll back plans are not documented and the snap shots are not retained. Additionally, procedures to log faults were not provided and it could not be confirmed if they were tracked over the long term. Where roll back plans are not documented and before and after images are not retained, there is an increased risk that the IT environment cannot be restored if the result of the change is not as intended. Failure to log and monitor faults, increases the risk that any unanticipated affects of the change on the ICT environment are not identified, which could result in an increase of incidents logged at a later stage. Responsibility Change Manager Management response / deadline Accepted: Roll back plans will be clearly documented to the satisfaction of the Change Manager and approval of changes will depend on this field being completed. In addition a communication plan will also be part of the new change process. June

12 Recommendation 6: System Testing (Priority 2) Recommendation Management should ensure system testing is performed prior to the change being marked as complete. Documented evidence of the testing should be retained for future reference. Observation Undertaking formal testing of the change before it is closed helps to provide assurance that the change is working as required before it is transferred to the live environment. Audit were informed that system testing is performed when a software change is implemented. However, there was no evidence of these tests and documentation relating to tests are not stored on the system. Where system testing is not performed, there is an increased risk that errors may not be identified prior to full implementation leading to poor system performance or system downtime. Responsibility ICT Service Manager Management response / deadline Accepted: A test plan will be implemented as part of the Change Process documentation. In addition all changes before the Manager signs it off should also have been through the test in the plan. July

13 Recommendation 7: Third Party Access (Priority 2) Recommendation Third party access to the Council s live IT environment should be controlled through access requests which should be authorised and retained to provide accountability over the reason for the remote access. The reason for access should be noted and the length of time the access is required indicated. This should be removed when no longer required. Observation Documented formal processes for remote access support helps to ensure unauthorised changes are not made to software and systems which could place the integrity of the ICT environment and system data at risk. Reviewing remote access logs helps to ensure that suppliers only access Council systems following their access being approved. Audit were informed that third party access is only enabled when required and disabled once the work has been undertaken. This is not raised as part of the change management system and it is raised as a service request. However, no further evidence was received of the procedure or service requests raised. Where suppliers have unlimited and unrestricted access to the Council s infrastructure there is a risk that ICT has no record of the work undertaken by suppliers on the network. There is also no record of instances where the supplier has accessed the Council s systems for development work. Responsibility ICT Service Manager Management response / deadline Accepted: Service requests will be followed up with enablement and disablement to be documented through the ICT help desk. July

14 Recommendation 8: Hardware Changes (Priority 2) Recommendation Management should ensure that for all hardware and hardware changes: The compatibility of hardware is assessed prior to making a hardware change or purchase; Processes should also be in place to ensure that checks are undertaken to ensure hardware is correctly installed; Evidence of the compatibility and installation checks should be retained for future reference; Responsibility for reporting hardware performance should be determined and performance should be reported on a regular basis; and Adequate support arrangements should be in place to govern the support and maintenance of hardware assets. Observation Checking the compatibility of hardware helps to ensure the hardware is able to operate effectively in the IT environment. Checking the installation of the hardware helps to confirm the change process has been successfully completed prior to formal closure of the change. The early recognition of potential hardware problems can assist in avoiding longer system disruptions. Ensuring support arrangements are in place would help to provide a level of assurance that the potential risk of hardware related failures is mitigated. Hardware compatibility and installation is not formally checked as part of the change management process. Though Key Performance Indicators have been established for hardware performance and were reported for Quarter 2, they were not reported on the Council s performance management system (Corvu) and therefore were not included in the Council s Quarterly performance reports for Quarter 1 in June Furthermore, no evidence was provided to confirm that support arrangements are in place with the supplier Dell. Where hardware compatibility and installation are not checked, there is an increased risk of system conflicts and poor hardware performance. Failure to monitor hardware performance on a regular basis increases the risk of hardware failure which could render it unstable. Responsibility Change Manager Management response / deadline Accepted: While checks are made they are not clearly documented. The checks will make up the documentation process. July

15 Recommendation 9: Hardware Inventory (Priority 2) Recommendation Management should ensure that the hardware inventory is updated to include all items of hardware including (but not limited to) peripherals and items such as printers, switches and routers. The inventory should be updated in the event of a change and reviewed regularly. Management should also consider implementing elements of Configuration Management to assist in the timely identification of IT asset configuration. Observation Maintaining a comprehensive hardware inventory helps to ensure all items of hardware are tracked and the inventory is updated following a change. It was identified that a PC and Server inventory is maintained, however, other items of hardware are not recorded. Where a comprehensive hardware inventory is not maintained, there is an increased risk that hardware items cannot be traced in the event of loss or theft. It also makes it difficult to identify if there have been any changes to hardware. Responsibility Change Manager Management response / deadline Accepted: All ICT hardware assets will be placed on an inventory. August

16 Appendix A Reporting definitions Audit assessment In order to provide management with an assessment of the adequacy and effectiveness of their systems of internal control, the following definitions are used: Level Symbol Evaluation Assessment Testing Assessment Full Substantial Limited Nil There is a sound system of internal control designed to achieve the system objectives. Whilst there is a basically sound system of internal control design, there are weaknesses in design which may place some of the system objectives at risk. Weaknesses in the system of internal control design are such as to put the system objectives at risk. Control is generally weak leaving the system open to significant error or abuse. The controls are being consistently applied. There is evidence that the level of non-compliance with some of the controls may put some of the system objectives at risk. The level of non-compliance puts the system objectives at risk. Significant non-compliance with basic controls leaves the system open to error or abuse. The assessment gradings provided here are not comparable with the International Standard on Assurance Engagements (ISAE 3000) issued by the International Audit and Assurance Standards Board and as such the grading of Full does not imply that there are no risks to the stated control objectives. 16

17 Grading of recommendations In order to assist management in using our reports, we categorise our recommendations according to their level of priority as follows: Level Priority 1 Priority 2 Priority 3 System Improvement Opportunity Definition Recommendations which are fundamental to the system and upon which the organisation should take immediate action. Recommendations which, although not fundamental to the system, provide scope for improvements to be made. Recommendations concerning issues which are considered to be of a minor nature, but which nevertheless need to be addressed. Issues concerning potential opportunities for management to improve the operational efficiency and/or effectiveness of the system. Appendix B Staff interviewed The following personnel were consulted: Neil Telkman Information, Security and Standards Officer Gary Osler Service Support Manager John Worts - Service Support Manager We would like to thank the staff involved for their co-operation during the audit. 17

18 Appendix C - Statement of responsibility We take responsibility for this report which is prepared on the basis of the limitations set out below. The matters raised in this report are only those which came to our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact before they are implemented. The performance of internal audit work is not and should not be taken as a substitute for management s responsibilities for the application of sound management practices. We emphasise that the responsibility for a sound system of internal controls and the prevention and detection of fraud and other irregularities rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify all circumstances of fraud or irregularity. Auditors, in conducting their work, are required to have regards to the possibility of fraud or irregularities. Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas as identified by management as being of greatest risk and significance and as such we rely on management to provide us full access to their accounting records and transactions for the purposes of our audit work and to ensure the authenticity of these documents. Effective and timely implementation of our recommendations by management is important for the maintenance of a reliable internal control system. The assurance level awarded in our internal audit report is not comparable with the International Standard on Assurance Engagements (ISAE 3000) issued by the International Audit and Assurance Standards Board. Deloitte & Touche Public Sector Internal Audit Limited London April 2011 In this document references to Deloitte are references to Deloitte & Touche Public Sector Internal Audit Limited. Registered office: Hill House, 1 Little New Street, London EC4A 3TR, United Kingdom. Registered in England and Wales No Deloitte & Touche Public Sector Internal Audit Limited is a subsidiary of Deloitte LLP, the United Kingdom member firm of Deloitte Touche Tohmatsu Limited ( DTTL ), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms. Member of Deloitte Touche Tohmatsu Limited 18

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

Dacorum Borough Council - Internal Audit Report

Dacorum Borough Council - Internal Audit Report Dacorum Borough Council - Internal Audit Report Licensing Distribution list: Rita McGinlay - Regulatory Services Group Manager Steve Baker Assistant Director (Legal, Democratic and Regulatory) Sally Marshall

More information

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,

More information

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating: Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation

More information

South Northamptonshire Council

South Northamptonshire Council South Northamptonshire Council Windows Active Directory Final Internal Audit Report - September Distribution list: Mike Shaw IT & Customer Services Manager David Price Director of Community Engagement

More information

Draft Internal Audit Report Software Licensing Audit. December 2009

Draft Internal Audit Report Software Licensing Audit. December 2009 Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement

More information

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating: Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director

More information

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07 between South

More information

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set

More information

Business Planning & Budgetary Control 2012/13

Business Planning & Budgetary Control 2012/13 Cymdeithas Tai Cantref Cyf Final Internal Audit Report Business Planning & Budgetary Control 2012/13 Date of fieldwork: October November 2012 Date of draft report: November 2012 Date of final report: November

More information

Report 6c. Final Internal Audit Report Network and Communications. April 2008

Report 6c. Final Internal Audit Report Network and Communications. April 2008 Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results

More information

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

Avon & Somerset Police Authority

Avon & Somerset Police Authority Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll Coleg Gwent Internal Audit Report 2012/13 Payroll and HR Assurance Rating: Payroll HR Distribution List: Final Report Audit Committee Principal Vice Principal, (Finance, Estates and Information Services)

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Internal Audit Report 2010/11 North Norfolk District Council. February 2011

Internal Audit Report 2010/11 North Norfolk District Council. February 2011 Internal Audit Report 2010/11 North Norfolk District Council NN/11/17 Network Infrastructure, Security and Telecommunications February 2011 This report has been prepared on the basis of the limitations

More information

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

DBC 999 Incident Reporting Procedure

DBC 999 Incident Reporting Procedure DBC 999 Incident Reporting Procedure Signed: Chief Executive Introduction This procedure is intended to identify the actions to be taken in the event of a security incident or breach, and the persons responsible

More information

Ipswich Building Society

Ipswich Building Society Ipswich Building Society Internal Audit Charter Approved by Audit and Compliance Committee on 22 October 2015 1. Mission 1. Mission The primary role of Internal Audit is to help protect the assets, reputation

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

REVIEW OF THE FIREWALL ARRANGEMENTS

REVIEW OF THE FIREWALL ARRANGEMENTS WEST DORSET DISTRICT COUNCIL REVIEW OF THE FIREWALL ARRANGEMENTS Report issued: December 2007 The matters raised in this report are only those, which came to the attention of the auditor during the course

More information

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion Essex Fire Authority Fleet Management Internal Audit Report (4.12/13) 28 February 2013 FINAL Overall Opinion Essex Fire Authority Fleet Management 4.12/13 CONTENTS Section Page Executive Summary 1 Action

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10) Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28

More information

Interim Audit Report. Borough of Broxbourne Audit 2010/11

Interim Audit Report. Borough of Broxbourne Audit 2010/11 Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes

More information

APPENDIX 4 GREATER LONDON AUTHORITY SUN ACCOUNTS UNIX REVIEW FINAL AUDIT REPORT. Auditor: Chris Power & Michael Lacey Date: April 2003 Reference: 320

APPENDIX 4 GREATER LONDON AUTHORITY SUN ACCOUNTS UNIX REVIEW FINAL AUDIT REPORT. Auditor: Chris Power & Michael Lacey Date: April 2003 Reference: 320 APPENDIX 4 GREATER LONDON AUTHORITY SUN ACCOUNTS UNIX REVIEW FINAL AUDIT REPORT Auditor: Chris Power & Michael Lacey Date: April Reference: 320 Table of Contents 1 INTRODUCTION 2 Page 2 OBJECTIVES AND

More information

X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3

X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3 X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3 Date : 09/08/06 Issue: 6 This is an unpublished work the copyright in which vests in X2 Connect Limited. All rights reserved. The

More information

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

A guide to investing. Appendix 10 Choice of business entity

A guide to investing. Appendix 10 Choice of business entity A guide to investing in Wales Appendix 10 Choice of business entity August 2013 Appendix 10 Choice of business entity 1. Principal forms of doing business Business organisations in the UK usually take

More information

National Assembly for Wales Internal Audit Charter

National Assembly for Wales Internal Audit Charter National Assembly for Wales Internal Audit Charter Purpose 1.1 This charter is a high level statement of how internal audit will be delivered and developed and formally defines the purpose, authority and

More information

Essex Fire Authority

Essex Fire Authority Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013

More information

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 13 March 2013 Internal Audit Report Project Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for project management in accordance

More information

Governance and Audit Committee 23 November 2015

Governance and Audit Committee 23 November 2015 Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

Charity Audit Committee performance evaluation Self assessment checklist. October 2014

Charity Audit Committee performance evaluation Self assessment checklist. October 2014 Charity Audit Committee performance evaluation Self assessment checklist October 2014 With increasing responsibilities and complexities, being a member of the Audit Committee has never been more challenging

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15

Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15 Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

DRAFT. Internal Audit Report. Computer Recycling

DRAFT. Internal Audit Report. Computer Recycling DRAFT Internal Audit Report Computer Recycling Document Details: Reference: 2.7/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement Manager: ext. 6572 Auditor: ext. 6244 Date: 4 th

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com

More information

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015

NHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015 Internal Audit Annual Report 2014/15 May 2015 Internal Audit Annual Report INTRODUCTION This is the 2014/15 Annual Report by TIAA on the internal control environment at Dorset Clinical Commissioning Group.

More information

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft

More information

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015

Identity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015 Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud

More information

Auditing data protection a guide to ICO data protection audits

Auditing data protection a guide to ICO data protection audits Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit

More information

ESSEX FIRE AUTHORITY. Internal Audit Progress Report. Audit Sub-Committee Meeting: April 2012

ESSEX FIRE AUTHORITY. Internal Audit Progress Report. Audit Sub-Committee Meeting: April 2012 ESSEX FIRE AUTHORITY Internal Audit Progress Report Audit Sub-Committee Meeting: April Essex Fire Authority CONTENTS Section Page 1 Introduction 1 2 Final reports 1 3 Key Findings from Internal Audit Work

More information

Northumberland National Park Authority Report on the audit for the year ended 31 March 2012

Northumberland National Park Authority Report on the audit for the year ended 31 March 2012 Northumberland National Park Authority Report on the audit for the year ended 31 March 2012 September 2012 Dear Sirs We have pleasure in setting out in this document our report to the Northumberland National

More information

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15

Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15 Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management Final Report FU01 14/15 11 November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 4 SECTION 2 - DETAILED FINDINGS AND

More information

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY Originator IT Change Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

Internal Audit Annual Report 2014/2015

Internal Audit Annual Report 2014/2015 www.pwc.co.uk Internal Audit Annual Report 2014/2015 DRAFT Oxford City Council June 2015 Annual Report 2014/2015 Contents 1. Executive summary 1 2. Summary of findings 3 3. Internal Audit work conducted

More information

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013 Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13

Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13 Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing Final Report FU16 12/13 09 October 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 2 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS

More information

The Internal Audit fraud challenge Prevention, protection, detection

The Internal Audit fraud challenge Prevention, protection, detection The Internal Audit fraud challenge Prevention, protection, detection Contents Introduction to survey 1 Key findings 2 What are the views of senior management? 3 Adequately resourced? 6 Current trends and

More information

CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION

CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION CHIEF INTERNAL AUDITOR S ANNUAL REPORT AND OPINION 2012-2013 Neil Pitman Chief Internal Auditor 24 June 2013 1. INTERNAL CONTROL AND THE ROLE OF INTERNAL AUDIT 1.1. Under the Accounts and Audit (England)

More information

Internal audit report Information Security / Data Protection review

Internal audit report Information Security / Data Protection review Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security

More information

The Learning Zone - Project Management Arrangements

The Learning Zone - Project Management Arrangements Coleg Gwent Internal Audit Report () 6 June 2012 Overall Opinion The Learning Zone - Project Management Arrangements CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Level 3 Customer support provision for the IT professional (7540-030/7630-323)

Level 3 Customer support provision for the IT professional (7540-030/7630-323) Level 3 Customer support provision for the IT professional (7540-030/7630-323) Systems and Principles (QCF) Assignment guide for Candidates Assignment A www.cityandguilds.com September 2012 Version 7.0

More information

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES IN CONFIDENCE TABLE OF CONTENTS 1 CONTACT DETAILS 1 1.1 The Client Contract Management

More information

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective. Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Incident Response Policy Reference Number Title CSD-012 Information Security Incident Response Policy Version Number 1.2 Document Status Document Classification

More information

LONDON BOROUGH OF HARROW. Overview & Scrutiny Committee

LONDON BOROUGH OF HARROW. Overview & Scrutiny Committee LONDON BOROUGH OF HARROW Meeting: Overview & Scrutiny Committee Date: 27 April 2004 Subject: Internal Audit Plan 2004/05 Key Decision: Responsible Chief Officer: No Executive Director, Business Connections

More information

Exposure Draft Statement of Recommended Practice: Financial Statements of Investment Trust Companies and Venture Capital Trusts

Exposure Draft Statement of Recommended Practice: Financial Statements of Investment Trust Companies and Venture Capital Trusts Deloitte LLP 2 New Street Square London EC4A 3BZ Tel: +44 (0) 20 7936 3000 Fax: +44 (0) 20 7583 1198 www.deloitte.co.uk Direct: 0207 007 0884 Direct fax: 020 7007 0158 vepoole@deloitte.co.uk John Stevens

More information

Ref: Issue Raised Recommendation Priority Management Response Implementation Network and ABS E-Financials 1. Account security settings

Ref: Issue Raised Recommendation Priority Management Response Implementation Network and ABS E-Financials 1. Account security settings Appendix A Hertsmere Borough Council - Review of information technology controls 2011-12 Ref: Issue Raised Recommendation Priority Management Response Implementation Network and ABS E-Financials 1. Account

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Current issues and trends in the Aerospace supply chain

Current issues and trends in the Aerospace supply chain Current issues and trends in the Aerospace supply chain Iain Subtitle Kirwan runs here 1 line max Director Supply Chain Consulting Global A&D insights and trends Overall global A&D industry expected to

More information

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938

More information

Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14

Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14 Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements Final Report FU01 13/14 INTERNAL AUDIT FOLLOW UP REPORT CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

Governance in brief BIS and the FRC consult on options for UK implementation of the EU Audit Directive & Regulation

Governance in brief BIS and the FRC consult on options for UK implementation of the EU Audit Directive & Regulation January 2015 Governance in brief BIS and the FRC consult on options for UK implementation of the EU Audit Directive & Regulation Headlines The UK will take the option to extend the mandatory auditor rotation

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

AUDIT COMMITTEE 3 December 2013

AUDIT COMMITTEE 3 December 2013 AUDIT COMMITTEE 3 December 2013 Subject Heading: Report Author and contact details: Policy context: Financial summary: Internal Audit School Final Report Summaries, 29 June 2013 to 31 September 2013 Kate

More information

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

IT control environment Caerphilly County Borough Council

IT control environment Caerphilly County Borough Council Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough

More information

1. To be the principal point of contact and have responsibility for IT support incidents.

1. To be the principal point of contact and have responsibility for IT support incidents. JOB TITLE: RESPONSIBLE TO: RESPONSIBLE FOR: Service Desk Engineer Service Desk Supervisor N/A JOB OUTLINE The Service Desk Engineer will be responsible for providing an effective first-line support service

More information

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable

The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable The Annual Audit Letter for West Mercia Police and Crime Commissioner and Chief Constable Year ended 31 March 2015 October 2015 John Gregory Director and Engagement Lead T +44 (0)121 232 5333 E john.gregory@uk.gt.com

More information

The benefits anticipated from the project can be summarised as follows:

The benefits anticipated from the project can be summarised as follows: UNO Benefits Realisation Plan Background The aim of the UNO project was to create an up to date ICT system to enable the Assembly to work independently of the Welsh Government, to improve business continuity

More information

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 20 Internal Audit Report Project Management Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14 Mazars have undertaken a review of arrangements

More information

AUDIT COMMITTEE 10 DECEMBER 2014

AUDIT COMMITTEE 10 DECEMBER 2014 AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk

More information

APPENDIX 2 GENERIC OPERATIONAL RISKS RISK TABLES & ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006

APPENDIX 2 GENERIC OPERATIONAL RISKS RISK TABLES & ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006 APPENDIX 2 GENERIC OPERATIONAL S TABLES ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006 GENERIC S AFFECTING MOST OR ALL SERVICES OPERATIONAL S OF HYNDBURN BOROUGH COUNCIL PROFESSIONAL LIKELI- HOOD

More information

Cheshire Fire Authority

Cheshire Fire Authority Cheshire Fire Authority Internal Plan 2013/2014 Presented at the Cheshire Fire Authority meeting of: 17 April 2013 Lisa Randall Head of Internal 1 INTRODUCTION This document sets out the approach we have

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

The Annual Audit Letter for Torbay Council

The Annual Audit Letter for Torbay Council The Annual Audit Letter for Torbay Council Year ended 31 March 2014 October 2014 Alex Walling Engagement Lead T 0117 305 7804 E alex.j.walling@uk.gt.com Mark Bartlett Manager T 0117 305 7896 E mark.bartlett@uk.gt.com

More information

Audit Quality Thematic Review

Audit Quality Thematic Review Thematic Review Professional discipline Financial Reporting Council 201 Audit Quality Thematic Review Firms audit quality monitoring The FRC is responsible for promoting high quality corporate governance

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

The Audit Findings for London Borough of Richmond upon Thames

The Audit Findings for London Borough of Richmond upon Thames The Audit Findings for London Borough of Richmond upon Thames. Year ended 31 March 2013 September 2013 Page 13 Paul Grady Director T 020 7728 2681 E paul.d.grady@uk.gt.com Sarah Ironmonger Manager T 07880

More information

Building the intelligent client PPM is the new ERP

Building the intelligent client PPM is the new ERP Building the intelligent client PPM is the new ERP Louisa Arundale (Deloitte), David Judge (Oracle) and Hayley Speller (Deloitte) Infrastructure and Capital Projects 1 October 2014 $46 trillion By 2030

More information

Audit Quality Thematic Review

Audit Quality Thematic Review Thematic Review Professional discipline Financial Reporting Council January 2014 Audit Quality Thematic Review Fraud risks and laws and regulations The FRC is responsible for promoting high quality corporate

More information

Internal Audit Report Disaster Recovery / Business Continuity Planning

Internal Audit Report Disaster Recovery / Business Continuity Planning Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,

More information

Internal Audit Strategic and Annual Plans 2015/16

Internal Audit Strategic and Annual Plans 2015/16 Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the

More information

POST DESCRIPTION AND PERSON SPECIFICATION

POST DESCRIPTION AND PERSON SPECIFICATION POST SALARY HOURS OF DUTY LOCATION REPORTING TO RESPONSIBLE FOR NETWORK ENGINEER 21,506-27,184 (subject to review) 35 Hours per Week TO BE ADVISED Network Development Manager N/A KEY RESPONSIBILITIES 1.

More information