Avon & Somerset Police Authority

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Avon & Somerset Police Authority"

Transcription

1 Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution: Mark Simmonds Hannah Watts Treasurer, Police Authority Inspections Coordinator, Constabulary Date of Fieldwork: 11 January to 1 February 2010 This report is prepared on the basis of the limitations at Appendix B. This report and the work connected therewith are subject to the Terms and Conditions of the engagement letter dated 29 September 2005 between Avon and Somerset Police Authority and Deloitte & Touche LLP (now known as Deloitte LLP). The report is produced solely for the use of Avon and Somerset Police Authority. Its contents should not be quoted or referred to in whole or in part without our prior written consent except as required by law. Deloitte LLP will accept no responsibility to any third party, as the report has not been prepared, and is not intended for any other purpose.

2 Contents 1. Executive summary 1 Background 1 Key findings 1 Summary evaluation of controls 3 Delivery of scope 3 2. Scope of review 4 3. Recommendations Incident and problem management Incident classification Governance, roles and responsibilities Incident & Problem Closure 18 Appendix A - Definitions of audit opinion 20 Appendix B - Statement of responsibility 21

3 1. Executive summary Background The IT Service Desk provides the first line of support for all incidents and service requests impacting on the organisations use of IT. The Police operate in a highly dynamic environment where the availability and successful operation of key IT Systems underpin business critical processes. An effective service management system is therefore vital to ensure that the required high levels of service and support are sustained at all times. As part of the 2009/10 Internal Audit plan, agreed with the Performance & Audit Committee, we have completed an internal audit of the effectiveness of the IT Service Desk. Further detail of the scope of the audit is included in Section 2 of this report. The Avon & Somerset Police IT Service Desk, which serves both the Police Authority and Constabulary, is run by Southwest One Technology Services. The Service Desk operates 24/7, acting as the first point of call for all IT related issues. Southwest One are contracted to operate the service desk in line with the Information Technology Infrastructure Library (ITIL) best practice framework. There are a number of interdependent components which make up an effective IT Service Management system. Under ITIL, these include, but are not limited to, considerations for the effective management of problems and incidents. Following a directive from the National Police Improvement Agency (NPIA), Southwest One Technology Services recently completed a mandatory self-assessment of its current service management system against core ITIL principles. This assessment identified a number of key areas for improvement particularly in the area of problem, configuration and release management. A full audit by Her Majesty s Inspectorate of Constabulary (HMIC) is to be completed in 2010/11. This design and reporting of Southwest One KPIs have not been assessed during the completion of this audit. These have been reviewed as part of a separate audit of Southwest One KPIs within the 2009/10 Internal Audit Plan. Key findings As a result of our work, we have concluded that a satisfactory level of assurance can be placed on activities in this area. Whilst an operational framework for IT Service Management has been established, there remain weaknesses in the wider system of internal control which put some of the system s overall objectives at risk. Although the existing Service Desk is functional in providing users a designated point of contact for IT queries and incident management, inherent limitations within the HEAT Service Desk tool present a major constraint to embedding ITIL aligned processes across the department. Our audit has verified the impact of these limitations and identified some further areas for improvement to operate within the ITIL framework. Specifically, there is currently no problem management process in operation and the relationships between incidents, problems and changes are not being captured. Potential improvements have also been identified in relation to incident ownership and the absence of formal escalation procedures for open incidents to ensure this operate according to ITIL principles. Our work has also highlighted weaknesses relating to staff training and awareness and the adequacy of performance reporting. We have raised one high, seven medium and three low priority recommendations. Further details of the high and medium priority recommendations are summarised below: Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 1

4 IT Service Management (ITSM) tools do not support ITIL processes (high priority) The current ITSM software, HEAT is not designed to support ITIL processes. Key weaknesses include the absence of integrated modules for Problem and Change Management and limited functionality for robust Service Level Management. The absence of an ITIL compliant Service Desk tool has been identified by management as a key constraint to implementing ITIL aligned processes within the department. Lack of incident ownership by Service Desk (medium priority) Ownership and responsibility for incidents is currently transferred to resolver groups once assigned by the Service Desk. ITIL specifically states Incident Ownership should remain with the Service Desk at all times, regardless of where the incident is referred to during its life. No Incident Manager role (medium priority) There is currently no Incident Manager role in operation. The role of Incident Manager, with overarching responsibility for the Incident Management process, is a key element of an ITIL aligned Service Desk. Formal escalation procedures not in place (medium priority) Formal escalation procedures have not been defined within the IT Service Desk. Furthermore, all automated escalation alerting within the HEAT IT Service Management (ITSM) tool has been switched off. Problem management process not implemented (medium priority) Whilst a documented Problem Management Policy has been in place since September 2008, the process has yet to become embedded within the department. The absence of a dedicated Problem Manager and the inherent limitations of the HEAT tool for supporting this process have been identified as the root causes. No Problem Manager role (medium priority) There is not currently a dedicated Problem Manager with a remit to focus on identifying and managing underlying IT problems. This role is a key element of an ITIL aligned service desk. Incorrect initial classification of incidents (medium priority) The correct prioritisation of Incidents relies on Service Desk staff correctly assessing the Impact and Urgency at the time the incident is logged. Our testing identified a number of instances where Incidents and Support Requests had been wrongly classified by the Service Desk. We also noted an absence of clear guidance over which systems are classed as Business Critical for the purposes of this assessment. User satisfaction surveys (medium priority) Customer satisfaction surveys, generated at call closure, provide a unique means of assessing how the Service Desk is perceived by IT users and therefore focused and timely opportunities for improvement. The results of such surveys are not currently included in monthly performance reporting. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 2

5 Summary evaluation of controls Area Level of Assurance Number of findings identified as: High risk Medium risk Low risk Control objectives reference Governance, roles and responsibilities , 2 Incident classification Incident and problem management , 8, 10, 12, 13, 15, 16 Incident and problem closure OVERALL OPINION The definitions of summary evaluations and categorisation of recommendations are in Appendix A. Delivery of scope We were able to consider all areas indicated in the scope in Section 2 and can confirm that weaknesses have been identified against those objectives referenced above. Details of all of the issues raised in the duration of the audit are summarised on the contents page and full details are provided in Section 3. We would like to take this opportunity to thank all staff involved for their co-operation during the internal audit. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 3

6 2. Scope of review Objective The objectives of our project were to establish whether: Governance, roles and responsibilities 1. Formal, ITIL based policies and procedures exist with regards to the handling of incidents and problems including information on their reporting, response and assessment; 2. Roles and responsibilities have been communicated to all staff, to ensure that incident and problem handlers and managers have received an appropriate level of training to successfully implement and maintain ITIL; 3. Service levels for incident response and resolution are implemented and measured in line with the Southwest One contract; and 4. The Service Desk acts as the primary point of contact for all communications in respect of questions, requests, complaints and feedback. Incident classification 5. Acting as a single point of contact, the service desk logs, monitors and controls all incidents and problems; 6. All incidents and problems are correctly categorised and prioritised before being allocated to appropriate individuals for resolution. Incident and problem management 7. All incidents and problems logged with via the TS Service Desk are assigned an appropriate owner; 8. Incidents and problems are actively and appropriately managed to ensure resolution in line with recognised priority to the business with a focus on restoration of service. 9. Management monitor the status of open incidents to ensure timely resolution; 10. Escalation trigger points have been defined and open calls are escalated to senior management when escalation points are hit; - does not really happen, no formal incident manager or problem manager 11. A Knowledge Management or Known Error database is in place to capture common or recurring issues within the IT environment and make those solutions available to both TS and Force staff, as appropriate; 12. Incidents which cannot be resolved through the Knowledge Management or Known Error database generate problems; 13. Problems are investigated according to their priority to identify an appropriate solution, restore service to users as quickly as possible (if not already done so) and identify the root cause; 14. Short term fixes and long term, solutions to problems are included in the Knowledge Management or Known Error Database; 15. A clear link is in place between problem resolution and the change management process; and 16. The Service Desk Management Software is capable and fully utilised to support ITIL based processes. Incident and problem closure 17. User satisfaction, response time and trend identification reports are generated and reviewed by senior management; and 18. Lessons learned are prepared and reviewed after high priority and statistically significant incidents and problems have been resolved. This audit will did not cover the design and reporting of Southwest One KPIs as these are to be addressed in a separate Southwest One performance audit. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 4

7 Link to risk register Constabulary Risk 4.5: Server disruption could impact on internal systems. Impact of Southwest One This audit was within the scope of Southwest One. Locations / Business Units The work was performed at Avon and Somerset Police Headquarters in Portishead. Work to be done Internal Audit Services performed the following steps: Made contact prior to commencement of the audit to identify key staff, arrange initial meetings and provided details of documentation to which we required access; Recorded how the various systems operate; Tested the systems and procedures that are in operation; Met with responsible management to discuss the conclusions and proposed recommendations; and Produced and issued a draft report, prior to the issue of the final report. Deliverables We will produce a report in the standard Internal Audit format, which summarises the results of the project. Limitation of scope As limited purpose audit testing will be performed, our findings cannot be relied upon to be representative of the operation of control procedures at any time other than the time of observation of these control practices and in relation to the transactions tested. There are inherent limitations in any internal control system and thus errors or irregularities may occur and not be detected in our work. Projection of evaluations to future periods is subject to the risk that the policies and procedures may become inadequate because of changes in conditions, or that the degree of compliance with those policies and procedures may deteriorate. Management s responsibilities Avon & Somerset Police Authority is responsible for establishing and maintaining an effective internal control system. An effective internal control system reduces the likelihood that errors or irregularities will occur and remain undetected; however, it does not eliminate that possibility. There are inherent limitations in any control system and thus errors or irregularities may occur and not be detected. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 5

8 3. Recommendations 3.1 Incident and problem management No. Rationale Priority Recommendation Action Plan, Responsibility and IT Service Management (ITSM) tools do not support ITIL processes The existence of an ITIL aligned IT Service Management Tool is critical in supporting the effective application of standard ITIL processes across the department The HEAT IT Service Desk software does not support the implementation of key ITIL processes. The following weaknesses have been identified with the current solution: No support for integrated problem and change management HEAT is primarily an Incident tracking tool and does not provide support for integrated problem and change management. Under ITIL, separate problem records within the Service Desk tool should be used to document the High Since the limitations of the current tool have been acknowledged by SW1 management and an alternative solution, Maximo ITSM, has been identified as a potential replacement, this tool should be implemented as soon as possible in line with the Service Desk s existing plans. A new Service Desk system is being implemented in 2010 with ITIL workflows built into the system. Target date is July The contractual responsibility for delivery rests with Southwest One Head of ICT, who will be held accountable for delivery by the Retained Head of ICT. SWOne have been unable to meet the originally accepted implementation date of October The current agreed target is 31July Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 6

9 No. Rationale Priority Recommendation Action Plan, Responsibility and root cause analysis and resolution of underlying IT problems. Under this model, incident records are closed once service has been restored, with the underlying problem investigated through a linked problem record. An ITIL aligned Service Desk tool would also include an integrated change management module to ensure that appropriate control procedures and change records are implemented where necessary. Where these processes are not linked in this way, there is an increased risk of changes being implemented in the Live environment without the appropriate change process being followed. Such changes could result in increased system downtime and do not support effective Configuration Management. Automated escalation triggers disabled Although HEAT supports the configuration of automated escalation triggers, this functionality is currently disabled. Under ITIL, the level and timescales for management escalation should be defined with respect to SLA targets and then embedded within the service desk software to ensure consistent application for all ongoing incidents and problems. Basic Service Level Management The priority of all incidents is initially assigned by HEAT using a basic function of impact and urgency as assessed by the service desk operator when the incident is initially logged To ensure the replacement tool delivers the improvements expected of it and all functionality is supported, management should ensure that adequate due diligence is performed prior to its implementation All service delivery staff (including 2 nd and 3 rd line resolver groups) should be provided with adequate training once the new tool has been implemented. SWOne are contracted to seek agreement of the suitability of new service management tools, prior to introduction. The Retained Head of ICT has met with the system developers on several occasions and has accepted that the system is fit for purpose. Retained Head of ICT Implemented Training of staff is an internal issue for SWOne. SWOne have provided positive assurance that training is planned for all relevant staff. Southwest One Head of ICT has contractual responsibility for delivery and will be held to account by the Retained Head of ICT Retained Head of IS will check that training has been completed once new product implemented. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 7

10 No. Rationale Priority Recommendation IT Service Management (ITSM) tools do not support ITIL processes (continued). Where the priority of an incident is subsequently changed, constraints within the HEAT tool make it difficult to assess the performance of the incident response against the revised SLA target time. ITIL specifically states that tools with such constraints should not be selected. The inability to re-open closed incident records within HEAT is also considered to be a weakness. There is a risk that incidents are not correctly reported where system constraints prevent priorities being changed in response to an adjustment of the initial impact assessment. Furthermore, where incident records cannot be re-opened, there is a risk that SLA performance cannot continue to be assessed where the status of the incident has been wrongly changed service restored / closed. High Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 8

11 No. Rationale Priority Recommendation Action Plan, Responsibility and Lack of incident ownership by Service Desk ITIL states that incident ownership should remain with the Service Desk at all times, regardless of where the incident is referred to during its life. Under ITIL, the Service desk should retain responsibility for tracking progress to ensure SLA targets are met, keeping users informed and incident closure. At Avon & Somerset, once cases have been assigned by the Service Desk to a support team, ownership of that incident is deemed to have been transferred to that support team. As such, the Service Desk currently has no ownership of open incidents. Where incident ownership is not retained by the Service Desk, this significantly limits the ability of management to monitor the effectiveness of the incident management process at an operational level. Specifically, there is a risk that: slow-moving incident records are not identified promptly; users are dissatisfied with the service as progress updates are not communicated to them; and incident closure procedures are not adhered to. Medium Incident Management procedures should be revised so that the responsibility for managing all incidents resides with the Service Desk under the supervision of a dedicated Incident Manager The Service Desk should retain overarching responsibility for tracking progress against SLAs, keeping users informed and for incident closure Where it is deemed necessary that only specialist resolver teams liaise with senior users, this should be formalised as part of the local incident management process so that roles and responsibilities are understood. Single accountability for Incident Management has been assigned to the Service Desk Manager (and documented in their Key Focus Areas which will become part of the Job Description over time) from incident receipt to incident closure. This is supported by an organisational design that is fully within the control of the Service Desk Manager and documented in various job descriptions and roles and responsibilities documents as well as process documents Increased detail has been requested in the relevant reported KPIs for Incident Resolution. This detail includes charts of historical data and associated trends. This information will be monitored for positive trends and indications of associated improvements. Southwest One Head of ICT, who is heald to account by Retained Head of ICT The provision of the services will be monitored over the next 6 months, whilst SWOne improves ITIL-related processes. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 9

12 No. Rationale Priority Recommendation Action Plan, Responsibility and No Incident Manager role ITIL identifies the role of Incident Manager as a key element of the Incident Management process. This role does not currently exist within the Service Desk team. The absence of a dedicated Incident Manager with responsibility for co-ordinating the incident management process increases the risk of noncompliance with approved procedures and an increased number of Incident records breaching agreed Service Levels. Medium Management should consider assigning a dedicated Incident Manager within the First Line Service Desk to co-ordinate the incident management process. Their responsibilities may include: The management and tracking of all ongoing incidents (including close co-ordination of major incidents as part of the major incident process) Managing the work of incident management support staff Developing and maintaining incident management procedures; and Producing management information. A new Incident Manager role is being introduced into the Service Desk over the next month target date end June 2010 Southwest One Head of ICT, who will be held to account by Retained Head of ICT To be reviewed July 2010 to establish that the post has been implemented Formal escalation procedures not in place The implementation of robust escalation procedures forms an essential part of the incident management Process. Escalation triggers alert management to the existence of potential SLA breaches, and provide a means for assessing whether additional resources are required. Hierarchal escalation to senior management is also imperative for all critical incidents currently under investigation. Automated escalation alerting Escalation procedures have not been defined within the Service Desk. In particular, automated escalation alerts within HEAT have been disabled due to the unmanageable number of escalation s which it generates. Medium Management should define formal rules governing how problems and incidents are escalated to different levels of management. The agreed target times for escalation and associated escalation paths should then be configured within the Service Desk software. Formal escalation procedures have been written and approved. They will be implemented in line with the Incident Manager role and other Incident Management related processes and functions. Target date end June 2010 Southwest One Head of ICT, who is held to account by Retained Head of ICT To be reviewed by Retained Head of ICT June 2010 Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 10

13 No. Rationale Priority Recommendation Action Plan, Responsibility and cont Senior service management staff confirmed that communication of critical incidents is often informal, with a high level of reliance placed on resolver team managers to inform them of ongoing issues. The root cause of this issue has been attributed to a lack of functionality within HEAT to specify custom escalation rules for different types of incident. Specifically, it has not been possible to restrict the sending of escalation alerts to certain levels of management in line with the type and severity of the incident. The absence of pre-agreed escalation rules for incidents increases the risk that SLAs are breached and that incidents are not resolved in a timely manner Management should ensure that any new Service Desk software includes adequate support for integrated service level management so that the required escalation rules can be implemented As part of these escalation procedures, specific hierarchical escalation rules should be implemented to ensure that senior service delivery staff are notified of all critical incidents being investigated. Under ITIL, users should be routinely informed by the Service Desk once an incident has been escalated. Assurance that this functionality exists with Maximo has already been obtained by the Retained Head of ICT Retained Head of ICT Implemented Assurance that this functionality exists with Maximo has already been obtained by the Retained Head of ICT Retained Head of ICT confirmation of implementation is pending release of Maximo. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 11

14 No. Rationale Priority Recommendation Action Plan, Responsibility and Absence of problem management process ITIL defines a problem as the unknown cause of one or more incidents. The problem management process is used to diagnose the root cause of such incidents, and to determine the resolution to the underlying problem. Whilst a documented Problem Management Policy has been in place since September 2008, the process has yet to become embedded within the department. Key management confirmed that whilst ongoing problems are known locally within the different support teams; these are not routinely documented, and do not follow a standard process. The absence of documented problem records has been largely attributed to a lack of support for Integrated problem management within the HEAT Service Desk tool. Without an operational problem management framework there is a greatly increased risk that underlying IT problems will continue to cause service outages and disruption to users. Medium Management should establish an operational problem management framework which is both appropriately managed and understood by all staff. Management should also ensure that any new IT Service Management (ITSM) tool fully supports ITIL Problem Management Management should review how priorities are assigned to problem records and consider formalising separate SLAs for Problem resolution where necessary. This is a supporting activity to the Incident Management Process which is currently the focus area for attention. Work will begin on implementing problem management in July 2010 and expected to be completed by end August Southwest One Head of ICT who is held to account by Retained Head of ICT 31 August 2010 Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 12

15 No. Rationale Priority Recommendation Action Plan, Responsibility and No Problem Manager role ITIL identifies the role of Problem Manager as a key element of the Problem Management process. Whilst it is acknowledged that this role has recently been allocated, the position has yet to become operational. The absence of a dedicated Problem Manager increases the risk of non-compliance with approved procedures and increased system downtime caused by known problems. Medium The timely introduction of the Problem Manager role will be a key enabler of this process. This individual needs to be the single point of co-ordination and owner of the Problem Management Process. Key responsibilities should include: Liaison with Resolver Groups to ensure the swift resolution of all Problems within SLA targets; Input into the Major Incident Process as appropriate; Responsibility for maintaining the Known Error Database and associated knowledge basis; and Responsibility for Problem record closure and major problem reviews. Roles and responsibilities for a Problem Manager have been defined and approved. A Problem Manager has been recruited into the Service Management team and a refined role is expected to be implemented in line with the process work above. Target date end Aug Southwest One Head of ICT, who is held to account by Retained Head of ICT 31 August Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 13

16 3.2 Incident classification No. Rationale Priority Recommendation Action Plan, Responsibility and Incorrect initial classification of incidents The priority of an incident is automatically assigned by HEAT using a basic function of Impact and Urgency as assessed by the Service Desk Analyst when the incident is initially logged. Service Desk staff have access to a high level support matrix to guide them in performing this assessment. The following issues were noted: 1. The total number of critical incidents per the monthly performance reports for the past 3 months was seen to be significantly less than the reported figures generated directly from HEAT. Testing of a sample of these HEAT records broadly supported the adjusted figures, with the HEAT report containing approximately 60% of incident records which had been wrongly classified by the Service Desk. 2. In assessing the urgency criteria of a reported incident, the guidance in place requires staff to consider whether the affected system is of a business critical nature. The Service Desk does not currently maintain a defined list of systems which have been deemed business critical for the purpose of this assessment. Medium In order to implement a successful ITIL Service Management system, management should ensure that all Service Desk staff have received adequate training both in generic ITIL concepts, as well as specific training to ensure they understand how these concepts are applied locally Specifically, management should ensure Service Desk staff receive adequate training on how to correctly classify incidents. Such training should incorporate practical examples for each priority assignment. The Service Desk Manger has been assigned this task (and documented in their Key Focus Areas which will become part of the Job Description over time). This will be a key area in which their performance will be assessed. This is an on-going task and one that will be supported by a plan to address consistency issues. Southwest One Head of ICT who is held to account by Retained Head of ICT Now in place. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 14

17 No. Rationale Priority Recommendation Action Plan, Responsibility and Incorrect initial classification of incidents (continued) The absence of clear guidance over business critical systems also increases the possibility of errors being made. Furthermore, inaccurate classification of incidents can complicate the reporting process, as specialist resources are then required to analyse and manually adjust for any discrepancies. Medium Assurance will be sought from SW1 that this issues has been resolved. Retained Head of ICT 30 June 2010 Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 15

18 3.3 Governance, roles and responsibilities No. Rationale Priority Recommendation Action Plan, Responsibility and No regular review of policies and procedures Regularly reviewed policies and procedures should be in place to guide the effective operation of the Service Desk. Whilst ITIL aligned policies for Incident, Problem and Change Management have been drafted; these have not been updated since September Furthermore, the Incident Management policy remains in draft form, having yet to be approved by Service Delivery Management. In light of our findings, it has also been confirmed that many of the documented procedures have yet to be implemented within the department (e.g. problem management). Low Management should review all policies and procedures to ensure they accurately reflect how the developing ITIL Strategy is to be rolled out across the department. Specifically, these policies should be revised following the implementation of Maximo ITSM due to the inevitable impact this change will have on local working practices. Going forward, policies should be reviewed on at least an annual basis to ensure ongoing pertinence. This recommendation has been brought to the attention of southwest One Head of ICT and a response is awaited. Southwest One head of ICT, who is held to account by Retained Head of ICT. 31 May Where up to date policies and procedures are not established there is a risk that key elements of the Service Management provision do not operate in line with the expectations of management leading to sub-optimal working practices. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 16

19 No. Rationale Priority Recommendation Action Plan, Responsibility and Lack of ongoing training for Service Desk staff Sufficient staff training is vital to ensuring that approved Service Management processes are consistently followed. Whilst approximately 60% of the current Service Desk team have completed a level of ITIL training, no such training has been provided to staff joining the Service Desk within the past 4 years. This will be of increasing importance with the upcoming transition to Maximo and related amendments to business processes to support the new tool. Low In order to implement a successful ITIL Service Management system, management should ensure that all Service Desk staff have received adequate training both in generic ITIL concepts, as well as specific training to ensure they understand how these concepts are applied locally. Specifically, training needs have been identified in relation to ITIL awareness training for more recent members of the Service Desk Team. Management should also ensure that sufficient training is provided to all Service Delivery staff following the implementation of Maximo ITSM. This recommendation has been brought to the attention of Southwest One Head of ICT and a response is awaited. Southwest One Head of ICT who is held to account by Retained Head of ICT 31 May Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 17

20 3.4 Incident & Problem Closure No. Rationale Priority Recommendation Action Plan, Responsibility and Use of customer satisfaction surveys ITIL identifies the use of customer satisfaction surveys as an important measure of Service Desk performance. Automated feedback requests have historically formed part of the incident closure process, with the results of these surveys being reviewed by Service Desk Management using the Survey Monkey tool. The following issues were noted: 1. User feedback does not feature as a formal Performance Indicator in the monthly reporting packs prepared by Southwest One. 2. No customer satisfaction surveys have been requested since October 2009, when the Survey Monkey tool was disabled. Customer satisfaction surveys provide a unique means of assessing how the Service Desk is perceived by IT users. Where the results of customer feedback do not form part of the performance reporting framework, there is a risk of this important service metric being overlooked. Medium Management should consider the reimplementation of customer satisfaction surveys as a means of capturing user feedback. In order to allow for adequate comparison, the same proportion of calls should be selected for feedback requests in each reporting period, and all instances of low satisfaction levels should be investigated by Service Desk Management Management should also consider designating the results of these surveys as a formal Performance indicator included in the monthly reporting packs presented by Southwest One. The Contract with Southwest One requires periodic customer satisfaction surveys but is not prescriptive. The response of the southwest One Head of ICT to this recommendation is: Providing a survey function is not within the scope of the replacement Service Desk tool; instead we will continue with annual customer surveys, which mirror those carried out within the other partner organisations. Southwest One Head of ICT, who is held to account by Retained Head of ICT 30 June 2010 Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 18

21 No. Rationale Priority Recommendation Action Plan, Responsibility and Service catalogue and self-help The Police intranet provides little information to IT users about the services provided by the Service Desk. Specifically, there is no service catalogue published, and there are no self-help pages available, whereby users can search for common fixes and/or log their own service requests. The absence of a self-help facility via the Service Desk intranet page increases the volume of incidents and service requests which require manual processing by the Service Desk. Low Management should consider publishing a Service Catalogue via the Police Intranet to educate users about the systems and Services supported by the IT Service Desk. This service catalogue should also document the associated support arrangements so that user expectations are appropriately managed. Accepted. Maximo self-help functionality is expected to be the ideal mechanism to provide this information. Southwest One Head of ICT, who is held to account by Retained Head of ICT Implementing a comprehensive service catalogue would also go some way to closing the expectations gap which commonly exists between IT users and the IT Service Desk Pending confirmation of Maximo availability Management should consider publishing self-help information via the Police Intranet to help users identify and fix common IT problems. The implementation of a real-time service Dashboard would also provide users with an up-to-date view of system availability. Accepted. Ideally via Maximo selfhelp but will pursue temporary arrangements via Intranet. Southwest One Head of ICT who is held to account by Retained Head of ICT Pending re-launch of new Constabulary Intranet Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 19

22 Appendix A - Definitions of audit opinion Management should be aware that our internal audit work was performed according to the Institute of Internal Auditors - UK and Ireland standards which are different from audits performed in accordance with International Standards on Auditing (UK and Ireland) issued by the Auditing Practices Board. Similarly, the assurance gradings provided in our internal audit report are not comparable with the International Standard on Assurance Engagements (ISAE 3000) issued by the International Audit and Assurance Standards Board. Definitions of assurance levels Level of Assurance Low Satisfactory Substantial Description The system of internal control does not meet minimum acceptable standards overall because control deficiencies exist, which could allow material losses to take place and not be detected. Whilst there is a basically sound system of internal control, there are weaknesses that put some of the system objectives at risk. The overall system of internal control may meet minimum acceptable standards overall but could be improved. Overall the system of internal control meets acceptable standards and provides reasonable, but not absolute, assurance that the process covered is reliable and material losses will be detected in the normal course of business. Definitions of risk levels Priority High Medium Low Description A critical control deficiency, which could allow material losses to take place and not be detected. Such a risk could lead to an adverse impact on the Police Service and expose the Authority and Senior Officers to criticism. Remedial action must be taken urgently. A control deficiency which could allow losses to take place. A process improvement opportunity that is not indicative of a control weakness but indicative of an opportunity for improvement in the efficiency or effectiveness of a process. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 20

23 Appendix B - Statement of responsibility We take responsibility for this report which is prepared on the basis of the limitations set out below. The matters raised in this report are only those which came to our attention during the course of our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact before they are implemented. The performance of internal audit work is not and should not be taken as a substitute for management s responsibilities for the application of sound management practices. We emphasise that the responsibility for a sound system of internal controls and the prevention and detection of fraud and other irregularities rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify all circumstances of fraud or irregularity. Auditors, in conducting their work, are required to have regards to the possibility of fraud or irregularities. Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. Internal audit procedures are designed to focus on areas as identified by management as being of greatest risk and significance and as such we rely on management to provide us full access to their accounting records and transactions for the purposes of our audit work and to ensure the authenticity of these documents. Effective and timely implementation of our recommendations by management is important for the maintenance of a reliable internal control system. Deloitte LLP Bristol May 2010 In this document references to Deloitte are references to Deloitte LLP. Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC A list of members names is available for inspection at 2 New Street Square, London EC4A 3BZ, United Kingdom, the firm s principal place of business and registered office. Tel: +44 (0) Fax: +44 (0) Deloitte LLP is a member firm of Deloitte Touche Tohmatsu ( DTT ). DTT is a Swiss Verein (association), and, as such, neither DTT nor any of its member firms has any liability for each other s acts or omissions. Each member firm is a separate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other, related names. The services described herein are provided by the member firms and not by the DTT Verein. Deloitte LLP is authorised and regulated by the Financial Services Authority Deloitte LLP. All rights reserved. Avon and Somerset Police Authority - IT Service Desk - May 2010 Page 21

Dacorum Borough Council Final Internal Audit Report

Dacorum Borough Council Final Internal Audit Report Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service

More information

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set

More information

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader

More information

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,

More information

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating: Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15 Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13

More information

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating: Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

ITSM Process Description

ITSM Process Description ITSM Process Description Office of Information Technology Incident Management 1 Table of Contents Table of Contents 1. Introduction 2. Incident Management Goals, Objectives, CSFs and KPIs 3. Incident Management

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Report 6c. Final Internal Audit Report Network and Communications. April 2008

Report 6c. Final Internal Audit Report Network and Communications. April 2008 Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results

More information

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations

More information

ISO 20000-1:2005 Requirements Summary

ISO 20000-1:2005 Requirements Summary Contents 3. Requirements for a Management System... 3 3.1 Management Responsibility... 3 3.2 Documentation Requirements... 3 3.3 Competence, Awareness, and Training... 4 4. Planning and Implementing Service

More information

Draft Internal Audit Report Software Licensing Audit. December 2009

Draft Internal Audit Report Software Licensing Audit. December 2009 Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

ITIL v3 Incident Management Process

ITIL v3 Incident Management Process ITIL v3 Process...restoring normal service operation as soon as possible Content Key definitions Incident Lifecycle Purpose and Objectives Value to business Incident Priority Incident Priority and Target

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

Process Description Incident/Request. HUIT Process Description v6.docx February 12, 2013 Version 6

Process Description Incident/Request. HUIT Process Description v6.docx February 12, 2013 Version 6 Process Description Incident/Request HUIT Process Description v6.docx February 12, 2013 Version 6 Document Change Control Version # Date of Issue Author(s) Brief Description 1.0 1/21/2013 J.Worthington

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

South Northamptonshire Council

South Northamptonshire Council South Northamptonshire Council Windows Active Directory Final Internal Audit Report - September Distribution list: Mike Shaw IT & Customer Services Manager David Price Director of Community Engagement

More information

Following up recommendations/management actions

Following up recommendations/management actions 09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and

More information

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS

IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor

More information

Communicate: Data Service Level Agreement. Author: Service Date: October 13. Communicate: Data Service Level Agreementv1.

Communicate: Data Service Level Agreement. Author: Service Date: October 13. Communicate: Data Service Level Agreementv1. Communicate: Data Service Level Agreement Author: Service Date: October 13 Communicate: Data Service Level Agreementv1.1 Page 1 of 12 Contents 1. Scope 3 2. Service Definitions 3 3. Service Provision 3

More information

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll

Coleg Gwent Internal Audit Report 2012/13 Payroll and HR. Assurance Rating: Payroll Coleg Gwent Internal Audit Report 2012/13 Payroll and HR Assurance Rating: Payroll HR Distribution List: Final Report Audit Committee Principal Vice Principal, (Finance, Estates and Information Services)

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0 ITIL by Test-king Number: ITIL-F Passing Score: 800 Time Limit: 120 min File Version: 15.0 Sections 1. Service Management as a practice 2. The Service Lifecycle 3. Generic concepts and definitions 4. Key

More information

HP Service Manager. Software Version: 9.40 For the supported Windows and Linux operating systems. Processes and Best Practices Guide (Codeless Mode)

HP Service Manager. Software Version: 9.40 For the supported Windows and Linux operating systems. Processes and Best Practices Guide (Codeless Mode) HP Service Manager Software Version: 9.40 For the supported Windows and Linux operating systems Processes and Best Practices Guide (Codeless Mode) Document Release Date: December, 2014 Software Release

More information

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF INCIDENT AND PROBLEM MANAGEMENT

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF INCIDENT AND PROBLEM MANAGEMENT Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF INCIDENT AND PROBLEM MANAGEMENT DISTRIBUTION LIST Audit Team David Esling, Head of Audit Assurance, Risk

More information

Business Planning & Budgetary Control 2012/13

Business Planning & Budgetary Control 2012/13 Cymdeithas Tai Cantref Cyf Final Internal Audit Report Business Planning & Budgetary Control 2012/13 Date of fieldwork: October November 2012 Date of draft report: November 2012 Date of final report: November

More information

Auxilion Service Desk as a Service. Service Desk as a Service. Date January 2015. www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1

Auxilion Service Desk as a Service. Service Desk as a Service. Date January 2015. www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1 Title Service Desk as a Service Date January 2015 www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1 1. Disclaimer All information contained in this document is provided in confidence to the

More information

Problem Management Fermilab Process and Procedure

Problem Management Fermilab Process and Procedure Management Fermilab Process and Procedure Prepared for: Fermi National Laboratory June 12, 2009 Page 1 of 42 GENERAL Description Purpose Applicable to Supersedes This document establishes a Management

More information

INCIDENT MANAGEMENT SCHEDULE

INCIDENT MANAGEMENT SCHEDULE INCIDENT MANAGEMENT SCHEDULE FAULT REPORTING & ESCALATION PUBLIC DE4 LIMITED 15/01/2014 INCIDENT MANAGEMENT SCHEDULE FAULT REPORTING & ESCALATION PROCEDURE In the event that you become aware of any fault

More information

TechExcel. ITIL Process Guide. Sample Project for Incident Management, Change Management, and Problem Management. Certified

TechExcel. ITIL Process Guide. Sample Project for Incident Management, Change Management, and Problem Management. Certified TechExcel ITIL Process Guide Sample Project for Incident Management, Management, and Problem Management. Certified Incident Management Red Arrows indicate that the transition is done automatically using

More information

ITIL Roles Descriptions

ITIL Roles Descriptions ITIL Roles s Role Process Liaison Incident Analyst Operations Assurance Analyst Infrastructure Solution Architect Problem Manager Problem Owner Change Manager Change Owner CAB Member Release Analyst Test

More information

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 6.0

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 6.0 Contact / Escalation Guide For OPENHIVE Managed Services provided by Capita Version 6.0 Contents Document Control...3 Background and Scope...4 Capita contact information...4 Service Desk Team...4 Direct

More information

EXIN.Passguide.EX0-001.v2014-10-25.by.SAM.424q. Exam Code: EX0-001. Exam Name: ITIL Foundation (syllabus 2011) Exam

EXIN.Passguide.EX0-001.v2014-10-25.by.SAM.424q. Exam Code: EX0-001. Exam Name: ITIL Foundation (syllabus 2011) Exam EXIN.Passguide.EX0-001.v2014-10-25.by.SAM.424q Number: EX0-001 Passing Score: 800 Time Limit: 120 min File Version: 24.5 http://www.gratisexam.com/ Exam Code: EX0-001 Exam Name: ITIL Foundation (syllabus

More information

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 3.0

Contact / Escalation Guide. For OPENHIVE Managed Services provided by Capita. Version 3.0 Contact / Escalation Guide For OPENHIVE Managed Services provided by Capita Version 3.0 Contents Document Control...3 Background and Scope...4 Capita contact information...4 Service Desk Team...4 Direct

More information

A Guide to Categories & SLA Management

A Guide to Categories & SLA Management A Guide to Categories & SLA Management 1. Introduction Calls can be logged quickly and efficiently in SupportDesk using selection Categories within the call screen and these categories can match the conditions

More information

Problem Management: A CA Service Management Process Map

Problem Management: A CA Service Management Process Map TECHNOLOGY BRIEF: PROBLEM MANAGEMENT Problem : A CA Service Process Map MARCH 2009 Randal Locke DIRECTOR, TECHNICAL SALES ITIL SERVICE MANAGER Table of Contents Executive Summary 1 SECTION 1: CHALLENGE

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft

More information

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our

More information

IT SERVICE MANAGEMENT POLICY MANUAL

IT SERVICE MANAGEMENT POLICY MANUAL IT SERVICE MANAGEMENT POLICY MANUAL Version - 1.0 SATYAM COMPUTER SERVICES LIMITED Satyam Infocity Unit 12, Plot No. 35/36 Hi-tech City layout Survey No. 64 Madhapur Hyderabad - 500 081 Andhra Pradesh

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

REVIEW OF THE FIREWALL ARRANGEMENTS

REVIEW OF THE FIREWALL ARRANGEMENTS WEST DORSET DISTRICT COUNCIL REVIEW OF THE FIREWALL ARRANGEMENTS Report issued: December 2007 The matters raised in this report are only those, which came to the attention of the auditor during the course

More information

INS Problem Management Manual

INS Problem Management Manual INS Problem Management Manual Process, Policies & Procedures Version 0.4 Draft Ver 0.4 INS Problem Management Manual.doc Page 1 of 47 Document Control Document Versions Date Version Person Changing Brief

More information

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011

SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07 between South

More information

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning

More information

Growth by acquisition.

Growth by acquisition. Forward thinking Growth by acquisition. A practical guide for owner-managed businesses Acquisitions can be an excellent means of enhancing shareholder value in a privately owned business. However, selecting

More information

SapphireIMS 4.0 Service Desk Feature Specification

SapphireIMS 4.0 Service Desk Feature Specification SapphireIMS 4.0 Service Desk Feature Specification v1.4 All rights reserved. COPYRIGHT NOTICE AND DISCLAIMER No parts of this document may be reproduced in any form without the express written permission

More information

CIIA South West Analytics in Internal Audit - Tackling Fraud

CIIA South West Analytics in Internal Audit - Tackling Fraud CIIA South West Analytics in Internal Audit - Tackling Fraud 10 December 2014 Agenda Intro to Analytics When to use analytics and how to get started Risk Monitoring and Control Automation Common Pitfalls

More information

Infasme Support. Incident Management Process. [Version 1.0]

Infasme Support. Incident Management Process. [Version 1.0] Infasme Support Incident Management Process [Version 1.0] Table of Contents About this document... 1 Who should use this document?... 1 Summary of changes... 1 Chapter 1. Incident Process... 3 1.1. Primary

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

Audit of Business Continuity Planning

Audit of Business Continuity Planning Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),

More information

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:

More information

Problem Management Why and how? Author : George Ritchie, Serio Ltd email: george dot- ritchie at- seriosoft.com

Problem Management Why and how? Author : George Ritchie, Serio Ltd email: george dot- ritchie at- seriosoft.com Problem Management Why and how? Author : George Ritchie, Serio Ltd email: george dot- ritchie at- seriosoft.com Page 1 Copyright, trademarks and disclaimers Serio Limited provides you access to this document

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com

More information

IRCA Briefing note ISO/IEC 20000-1: 2011

IRCA Briefing note ISO/IEC 20000-1: 2011 IRCA Briefing note ISO/IEC 20000-1: 2011 How to apply for and maintain Training Organization Approval and Training Course Certification IRCA 3000 Contents Introduction 3 Summary of the changes within ISO/IEC

More information

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee

More information

Customer Guide Helpdesk & Product Support. [Customer Name] www.four.co.uk Page 1 of 13

Customer Guide Helpdesk & Product Support. [Customer Name] www.four.co.uk Page 1 of 13 Customer Guide Helpdesk & Product Support [Customer Name] www.four.co.uk Page 1 of 13 Table of Contents HELP DESK AND PRODUCT SUPPORT SUMMARY... 3 1 FOUR HELP DESK STRUCTURE AND CALL ESCALATION... 6 2

More information

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions SCHEDULE 4 KEY PERFORMANCE INDICATORS, SERVICE LEVELS AND

More information

Managed Desktop Support Services

Managed Desktop Support Services managed enterprise technologies Managed Desktop Support Services MET Managed Desktop Support Service Most organisations spend lots of time and money trying to manage complex desktop environments and worrying

More information

Governance and Audit Committee 23 November 2015

Governance and Audit Committee 23 November 2015 Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Incident Management help topics for printing

HP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Incident Management help topics for printing HP Service Manager Software Version: 9.34 For the supported Windows and UNIX operating systems Incident Management help topics for printing Document Release Date: July 2014 Software Release Date: July

More information

Introduction to ITIL: A Framework for IT Service Management

Introduction to ITIL: A Framework for IT Service Management Introduction to ITIL: A Framework for IT Service Management D O N N A J A C O B S, M B A I T S E N I O R D I R E C T O R C O M P U T E R O P E R A T I O N S I N F O R M A T I O N S Y S T E M S A N D C

More information

Incident Management Policy

Incident Management Policy Incident Management Policy Author: DCC Date: 9th May 2014 Page 1 of 10 Contents 1 Incident Management Policy 3 1.1 Incident Management Policy General Provisions 3 1.2 Pre-requisites to log an Incident

More information

Incident Management Policy

Incident Management Policy Incident Management Policy Draft SEC Subsidiary Document DCC Public 01 July 2015 BASELINED VERSION 1 DEFINITIONS Term Black Start CPNI Code of Connection Crisis Management Disaster HMG Incident Party Interested

More information

ITSM Maturity Model. 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident management process exists

ITSM Maturity Model. 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident management process exists Incident ITSM Maturity Model 1- Ad Hoc 2 - Repeatable 3 - Defined 4 - Managed 5 - Optimizing No standardized incident process exists Incident policies governing incident Incident urgency, impact and priority

More information

Solvency II Data audit report guidance. March 2012

Solvency II Data audit report guidance. March 2012 Solvency II Data audit report guidance March 2012 Contents Page Introduction Purpose of the Data Audit Report 3 Report Format and Submission 3 Ownership and Independence 4 Scope and Content Scope of the

More information

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES IN CONFIDENCE TABLE OF CONTENTS 1 CONTACT DETAILS 1 1.1 The Client Contract Management

More information

University of Waikato Change Management Process

University of Waikato Change Management Process 1. Overview Information Technology Services and the Faculty and Division ICT staff have adopted the Information Technology Infrastructure Library (ITIL) systems management framework as its model for best

More information

The Internal Audit fraud challenge Prevention, protection, detection

The Internal Audit fraud challenge Prevention, protection, detection The Internal Audit fraud challenge Prevention, protection, detection Contents Introduction to survey 1 Key findings 2 What are the views of senior management? 3 Adequately resourced? 6 Current trends and

More information

BCS Specialist Certificate in Service Desk & Incident Management Syllabus

BCS Specialist Certificate in Service Desk & Incident Management Syllabus BCS Specialist Certificate in Service Desk & Incident Management Syllabus Version 1.8 March 2015 BCS Specialist Certificate in Service Desk & Incident Management Syllabus Contents Change History... 2 Rationale...

More information

REPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters

REPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters INTERNAL AUDIT DIVISION REPORT 2014/001 Audit of information and communications technology help desk operations at United Nations Headquarters Overall results relating to the adequacy and effectiveness

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Fermilab Computing Division Service Level Management Process & Procedures Document

Fermilab Computing Division Service Level Management Process & Procedures Document BMC Software Consulting Services Fermilab Computing Division Process & Procedures Document Client: Fermilab Date : 07/07/2009 Version : 1.0 1. GENERAL Description Purpose Applicable to Supersedes This

More information

Audit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance

Audit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance Audit Report for South Lakeland District Council People and Places Directorate Neighbourhood Services Audit of Grounds Maintenance Cumbria Shared Internal Audit Service: Internal Audit Report 7 th November

More information

South Northamptonshire Council Contract Assurance: Leisure Contract

South Northamptonshire Council Contract Assurance: Leisure Contract South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year

More information

The Value of ITIL to IT Audit

The Value of ITIL to IT Audit The Value of ITIL to IT Audit HP Suen Chairman 9 August 2005 IT Infrastructure Library 1 ITIL Best practice in IT Service management, developed by Office of Government Commerce (OGC), UK in the late 1980s.

More information

Keywords: Escalation, Incident, Management, Process

Keywords: Escalation, Incident, Management, Process Escalation Management as the Necessary Form of Incident Management Process Malega Peter Assistant Professor, Technical University of Košice, Faculty of Mechanical Engineering, Department of Mechanical

More information

Bloom Enhanced Performance Monitoring Service Level Agreement

Bloom Enhanced Performance Monitoring Service Level Agreement Bloom Enhanced Performance Monitoring Service Level Agreement 1 SERVICE DESCRIPTION The Enhanced Performance Monitoring Service provides an enterprise-class level of assurance with regards to the performance

More information

West Dunbartonshire Council. Follow-up data protection audit report

West Dunbartonshire Council. Follow-up data protection audit report West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information

More information

Problem Management ITIL v3 Problem Management Process

Problem Management ITIL v3 Problem Management Process ITIL v3 Process...root cause analysis Content Key definitions Purpose and Objectives Opening problem scenarios Scope Value to business Problem models Reactive and proactive problem management Process Workflow

More information

Applying ITIL v3 Best Practices

Applying ITIL v3 Best Practices white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version

More information

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion

Essex Fire Authority. Fleet Management. Internal Audit Report (4.12/13) 28 February 2013 FINAL. Overall Opinion Essex Fire Authority Fleet Management Internal Audit Report (4.12/13) 28 February 2013 FINAL Overall Opinion Essex Fire Authority Fleet Management 4.12/13 CONTENTS Section Page Executive Summary 1 Action

More information

ITIL Introducing service operation

ITIL Introducing service operation ITIL Introducing service operation This document is designed to answer many of the questions about IT service management and the ITIL framework, specifically the service operation lifecycle phase. It is

More information

DRAFT Version 1.0 Proposal to Implement the Information Technology Infrastructure Library Framework for IT Service Management

DRAFT Version 1.0 Proposal to Implement the Information Technology Infrastructure Library Framework for IT Service Management Proposal to Implement the Information Technology Infrastructure Library Framework for IT Service Management Prepared for the ITM By Hamish Duff in consultation with the ITIL Implementation Working Party

More information

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)

Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10) Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28

More information

Customer Service Charter TEMPLATE. Customer Service Charter Version: 0.1 Issue date :

Customer Service Charter TEMPLATE. Customer Service Charter Version: 0.1 Issue date : Customer Service Charter TEMPLATE Customer Service Charter Version: 0.1 Issue date : Document Information Document Name Document Overview Author Approver Document Owner Document Owner Telephone Document

More information

SCHEDULE 3. Milestones and Deliverables. Redacted Version

SCHEDULE 3. Milestones and Deliverables. Redacted Version SCHEDULE 3 Milestones and Deliverables Redacted Version This Schedule 3 sets out the Service Provider s obligations in respect of the milestones and deliverables relating to the implementation and operation

More information

Internal Audit Report 2010/11 North Norfolk District Council. February 2011

Internal Audit Report 2010/11 North Norfolk District Council. February 2011 Internal Audit Report 2010/11 North Norfolk District Council NN/11/17 Network Infrastructure, Security and Telecommunications February 2011 This report has been prepared on the basis of the limitations

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Link-Connect Service Level Agreement

Link-Connect Service Level Agreement Link-Connect Service Level Agreement (Frequency: Monthly) Link-Connect Services Ltd Frensham House Farnham Business Park Weydon Lane, Farnham Surrey, GU9 8QT T: 01252 740800 W: www.link-connect.com Linking

More information

Yale University Incident Management Process Guide

Yale University Incident Management Process Guide Yale University Management Process Guide Yale University Management Process 1 of 17 Introduction Purpose This document will serve as the official process of Management for Yale University. This document

More information

Incident Management: A CA IT Service Management Process Map

Incident Management: A CA IT Service Management Process Map TECHNOLOGY BRIEF: INCIDENT MANAGEMENT ITSM PROCESS MAP Incident Management: A CA IT Service Management Process Map Peter Doherty CA TECHNICAL SALES Table of Contents Executive Summary SECTION 1: CHALLENGE

More information

Serious Incident Framework 2015/16- frequently asked questions

Serious Incident Framework 2015/16- frequently asked questions Serious Incident Framework 2015/16- frequently asked questions NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning

More information

X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3

X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3 X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3 Date : 09/08/06 Issue: 6 This is an unpublished work the copyright in which vests in X2 Connect Limited. All rights reserved. The

More information