IT Outsourced Services. Preliminary Survey
IT Outsourced Services Preliminary Survey
April 2013
TABLE OF CONTENTS

1.0 INTRODUCTION
2.0 STATEMENT OF CONFORMANCE
3.0 KEY SURVEY OBSERVATIONS
4.0 RECOMMENDATIONS AND MANAGEMENT RESPONSE
OVERALL MANAGEMENT RESPONSE
5.0 CONCLUSION
6.0 SURVEY OBSERVATIONS
7.0 APPENDICES
Appendix A: Risk Profile
1.0 INTRODUCTION

The Canada Border Services Agency (CBSA) has historically obtained a number of its information technology (IT) services from outside government departments (OGD) and third parties. In the fiscal year, the Agency spent roughly $180 million on outsourced IT services, which represents about 60% of the Agency's IT budget. The Canada Revenue Agency (CRA) was the major service provider to the CBSA with an allocation of $165 million in After the customs function of the former Canada Customs and Revenue Agency (CCRA) was transferred to the CBSA, the two agencies continued to share a common network and infrastructure.

The Agency's other Government of Canada IT service providers include:

- Shared Services Canada (SSC);
- Citizenship and Immigration Canada (CIC);
- Foreign Affairs and International Trade (DFAIT);
- Public Works and Government Services Canada (PWGSC); and
- Third party service providers managed by the CBSA.

The audit of IT outsourced services was included in the Risk-Based Audit Plan: to and approved by the CBSA Audit Committee. At the time, CBSA management identified several risks associated with the relationships with existing service providers including the inability to maximize value for money, and service providers having competing priorities and not being positioned to meet future CBSA requirements. The initial audit objectives aimed to assess controls within the processes of managing the provision of IT services and measuring the performance of services.

The service provision landscape changed significantly for the CBSA due to a major policy decision within the Government of Canada to centralize infrastructure services with the creation of Shared Services Canada (SSC). Created in August of 2011, SSC was established to consolidate, streamline and improve information technology infrastructure services across the federal government.
SSC's mandate is to leverage economies of scale to provide all federal organizations with access to reliable, efficient, and secure IT infrastructure services. SSC inherited a number of IT services previously provided by the CRA with the responsibility for data centres, , data and telephony networks. Consequently, the CRA is no longer the main provider of infrastructure services to the CBSA; however, the CRA will continue to provide distributed computing services (e.g. desktop support in regions), application and database support, IT security services and IT program management services to the CBSA, at an annual cost of roughly $56 million. These services are presently under review to assess the future of these services with the CRA.
Based on a series of executive level discussions, it was determined that the best approach for this audit was to complete the planning phase for the audit and return to the Audit Committee to determine the value of moving forward with an audit at this time.

This preliminary survey covers the period from February, 2012 to October, It aims to understand the risks associated with services previously provided by the CRA due to the magnitude of costs and importance to the CBSA's operations. A preliminary survey provides an understanding of risks prior to conducting an audit, and offers the following advantages:

- Helps clarify the objectives and scope of the audit;
- Helps focus audit resources to significant risks, thereby providing greater value to management;
- Provides a better understanding of the activity being reviewed; and
- Determines what needs to be done, how and when.

2.0 STATEMENT OF CONFORMANCE

This preliminary survey conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of the quality assurance and improvement program. The approach and methodology for this preliminary survey followed the International Standards for the Professional Practice of Internal Auditing as defined by the Institute of Internal Auditors and the Internal Auditing Standards for the Government of Canada as required by the Treasury Board Internal Audit Policy. This preliminary survey provides a low level of assurance.

3.0 KEY SURVEY OBSERVATIONS

Since the establishment of the Canada Border Services Agency in December 2003, both the CBSA and the CRA have worked towards building a mature process for managing shared information technology services. The relationship has evolved and improved from a simple separation of budget to the creation of joint CBSA/CRA committees and the establishment of clearer service definitions and service level agreements.
With the creation of Shared Services Canada, the service management processes among the three organizations require clarification and refinement to address the complexity of operations and processes of service management, demand management and financial management.

The service arrangement with CRA requires further development of the Client/Service Provider model to advance its maturity. Service definition and service level agreements require further definition. While the service catalogue included service description, features, availability, price and service owner, there were limitations as the information was noted as either pending or generic. With respect to costing information, progress was made; however, the financial framework and processes were not always clear and accessible in a manner that would allow management to sufficiently understand costs and benefits.

Preliminary discussions are underway to explore options on the role of the CRA in providing services to
the CBSA. This is to include an analysis to assess whether the CRA should continue to provide services to the CBSA or whether services will be transitioned to other service providers or back to the CBSA.

The service relationship with Shared Services Canada is at its initial stages, where governance within the CBSA and with SSC needs to be defined. The CBSA and SSC have agreed to an operating protocol that lists operating assumptions during the transition period and have established a business continuity framework to ensure the continuity of operations while SSC is being established. However, there are risks that service arrangements, performance and processes are insufficiently specified to meet the CBSA's business needs over time.

4.0 RECOMMENDATIONS AND MANAGEMENT RESPONSE

OVERALL MANAGEMENT RESPONSE

The Information, Science and Technology Branch (ISTB) agrees that a full audit at the outset of Shared Services Canada's (SSC) mandate for Government of Canada (GC) data centres, e-mail and networks is not appropriate. The ISTB also agrees that the significant amount of change in the GC IT services environment, brought about by the creation of SSC, has impacts beyond the services provided directly by SSC.

The relationship of the CBSA to the Canada Revenue Agency (CRA) is also undergoing transformation. Portions of the CRA IT organization that formerly provided services to the CBSA were transferred to SSC. The services that the CRA continues to provide to the CBSA are currently being analysed to determine whether the service model is optimal or if changes should be implemented to ensure value for money and service quality.

The transformation agenda currently being pursued in GC IT services generally creates an environment of elevated risk due to the amount of change being implemented. The ISTB is taking appropriate measures to identify and manage risk, and to ensure the continuity and stability of important outsourced IT services.
Recommendation 1: The Vice-President of the Information, Science and Technology Branch should develop an action plan to manage and mitigate the risks associated with IT outsourced services from CRA and SSC, including establishing performance measures for these services.
MANAGEMENT ACTION PLAN

The ISTB has initiatives underway that are consistent with the recommendation of this report. With regard to the services provided by the CRA, the ISTB has:

- Initiated a review of the six service areas provided to the CBSA by the CRA with a view to determining the best sourcing of services based on service alignment, quality and dollar value. It is expected that some services will be repatriated to the CBSA and some will remain outsourced to the CRA or an alternate service provider.
- Defined service management processes in place for IT services provided by the CRA including a service level agreement that defines service deliverables and performance expectations. These service management processes will continue to be reviewed and adjusted on an ongoing basis to ensure alignment with altered or new service arrangements.
- Used the Profile of GC IT Services to categorize its operational areas by function to support the transfer of resources to SSC in 2011, as well as to manage the service relationship with the CRA during service management and repatriation discussions that began in As part of the current analysis of the CRA services repatriation, the CRA services are being aligned to the Profile of GC IT service. The analysis is expected to be completed by March
- Engaged actively with the CRA to clarify the services provided to the CBSA by the CRA and implement a management framework that links those services to costs and performance metrics. Existing quarterly service reports are being updated to include improved service metrics.

With regard to SSC, the ISTB has advanced the following initiatives, some of which are completed and others are under development. As the relationship matures and through lessons learned, we will continue to solidify the operating models and engagement strategy over the course of the following year.
The ISTB has:

DATE: March 2014, December 2014

- Defined the CBSA Ecosystem, describing the complexities of the multidepartment, multisystem CBSA IT infrastructure, service and interconnection environment
required to support secure and efficient border management.
- Defined priority services and established performance expectations particularly related to the monitoring, response and management of the infrastructure and systems contained in the CBSA Ecosystem, irrespective of the lead department.
- Engaged SSC in the definition of governance processes in multiple streams: e.g. operational governance, joint funding submission and project governance, governance around strategic planning priority setting.
- With the High Availability Response Team (HART), implemented a systematic, interdepartmental process to monitor the performance of critical IT systems and infrastructure, and provide senior management visibility into IT incident management for critical departmental activities.

5.0 CONCLUSION

Given the transition point with SSC, and the implications to the arrangement with the CRA, it is recommended that the audit be deferred at this time. Internal audit will monitor the implementation of the recommendation(s) and conduct an audit in the fiscal year.

Future audits are expected to evaluate some or all of the controls over outsourced services including aspects such as the achievement of business requirements, compliance with the contract, relationship management, functionality and controls of provided services, fulfillment of assurance requirements and governance from the CBSA's perspective. This should be accomplished to advocate the interests of the CBSA, wherein there is a common understanding of the boundaries of audits including the defined audit rights, and the functionality and controls provided by service providers.

6.0 SURVEY OBSERVATIONS

1. The relationship between the CRA and CBSA has evolved and improved since the establishment of the CBSA in

Since the establishment of the Canada Border Services Agency in December 2003, both the CBSA and CRA have worked towards building a mature process for managing shared information technology services.
There have been improvements in the governance processes that have evolved from a simple separation of budget to the creation of CRA/CBSA joint
committees and the establishment of clearer service definitions and service level agreements. With the creation of Shared Services Canada, the service management processes among the three organizations require clarification and refinement to address the complexity of operations and processes of service management, demand management and financial management.

The CBSA and CRA have established a framework [1] to strengthen collaboration between entities, provide guidance and establish an escalation process. Both parties have defined a governance framework with multiple touch points including defined meetings and fora. The CRA / CBSA joint committees were also established with terms of reference to manage the provision of IT services.

Figure 1: CBSA-CRA Relationship

CBSA is created in December 2003, sharing a common infrastructure with CRA. The MOU is established
to 2005: Incremental costs are added to the initial transfer amounts
to 2009: A governance framework is finalized
to 2010: A services catalogue is created, and service level agreements are signed
to 2011: Improvements are made to the Governance Framework, MOU and SLAs. Governance needs to be revisited after the transition of core infrastructure services to Shared Services Canada
: MOU is revised to include improved service definitions.

[1] CRA CBSA Governance Framework for the Provision of IT Services (Aug 2011).
2. The service arrangement with CRA requires further development of the Client / Service Provider model to advance its maturity.

The service arrangement between the CRA and CBSA was based on a shared environment and capacity, and initially not on a shared services model. Over the years, the agencies made efforts to move towards a shared service provider relationship with, for example, the definition of a governance structure and a memorandum of understanding (MOU).

Given the nature of the relationship that originated based on a shared IT environment, there was no incentive to further define the relationship, including a comprehensive service catalogue or service level agreements. Information on cost drivers, such as the number of databases hosted or switches, was largely available but not employed to determine service costs due to the nature of the relationship.

Service definition and service level agreements (SLA) require further definition. The Data and Technology Infrastructure Management (DTIM) Core Services Catalogue [2] provides documentation of the IT services that DTIM provided to IT clients at the CBSA. The service catalogue included the service description, service features, availability and service level, price and service owner.

There were some limitations, where pricing information was not readily provided within the service catalogue; the information was either noted as pending or generic (e.g. this service is priced on a project-by-project basis). Additionally, service levels were not detailed, wherein mostly generic availability indicators were documented (e.g. 24/7 operations).

In addition to the limitations of the service catalogue, the service level agreements had certain limits:

- There were limited service level objectives metrics defined. Generally, availability is employed as the key metric.
- Aside from work order-driven services, the prices of services were not indicated based on quantity or usage.

3. Progress made within the CRA and CBSA service arrangement does not provide accessible and clear costing information to CBSA management.

Progress was made to enhance cost management practices, particularly for work order-driven services; however, the financial framework and processes were not always clear and accessible in a manner that would allow management to sufficiently understand costs and benefits.
The preliminary survey found that although not fully transparent to CBSA management, a costing model was employed for some services. For example, fees associated with a new network connection for a building were subject to a costing formula denoting that costs were assessed based on factors such as resource costs and usage. For a new network connection, the first year would involve the creation of a work order, which would include the costs for resources (salary), bandwidth and equipment. In the second year maintenance costs would be calculated based on administrative charges per month, an asset replacement fee, and usage (e.g. costs for bandwidth). However, the methodology was not always clear or available to CBSA management. At present, service definitions do not clearly reflect cost drivers such as resource and usage costs.

4. The CBSA relationship with Shared Services Canada is in its initial stages, where governance needs to be defined. There are risks that service arrangements and processes are insufficiently specified to meet the CBSA's business needs over time.

The CBSA relationship with Shared Services Canada is in its initial stages, and challenges have arisen during the transition to Shared Services Canada, including the level of control that the CBSA can expect over service levels and costs. Risks associated with effective service delivery have increased due to the absence of a formal governance framework and other elements, such as the lack of a tailored service catalogue and formalized agreements such as an MOU and SLAs.

The governance framework previously defined between the CRA and CBSA is not present with Shared Services Canada. In addition, SSC provides generic service descriptions based on the Treasury Board definitions. A service catalogue has not been developed that is specific to the CBSA's service needs.
Finally, agreements such as MOUs and SLAs have not been established between the CBSA and SSC, who have agreed to an operating protocol that lists operating assumptions during the transition period. Additionally, a business continuity framework is established to ensure the continuity of operations while SSC is being established.

Given the government-wide SSC mandate, the establishment of stronger governance arrangements between SSC and the CBSA is not a priority in the near future. Rather, SSC plans to address its service standards and relationship to its full client base, which it refers to as partner departments. This does present associated risks for the CBSA to manage, including:

- SSC's ability to deliver services in a secure and efficient manner while meeting CBSA business standards and complying with legal and regulatory requirements.
- The CBSA/SSC governance process that includes processes for defining service requirements, service definitions, agreements, and performance expectations and targets.
5. Preliminary discussions are underway to explore options on the role of the CRA in providing services. This includes an analysis to assess whether the CRA should continue to provide services to the CBSA or whether services will be transitioned to other service providers or back to the CBSA.

Shared Services Canada is now responsible for the network, and data centre services. The CRA provides desktop support in the regions, some IT Security, the desktop image, and support of application deployment and other services.

The preliminary survey found that there are discussions underway between the CBSA and CRA to evaluate the remaining services with the CRA to determine:

- whether services will remain with the CRA;
- whether services will be repatriated to the CBSA; and
- whether services will be transferred to other service providers such as SSC.

The expected outcomes include better definition of service relationships of the CBSA with both SSC and the CRA, to clarify organizational roles and manage complexity. The organizations plan to detail costs for each service to the degree possible as part of this exercise.

There are risks that service arrangements and processes are insufficiently specified to meet the CBSA's business needs over time. The governance framework will require revisions along with the service definitions within the service catalogue and the service level agreements for critical IT services. An SLA is one of the primary metrics used to measure performance.
7.0 APPENDICES

Appendix A: Risk Profile [3]

The resulting risk profile includes a determination of exposures based on the work performed during the preliminary survey, wherein control practices for areas of higher risk should be further assessed. The risk profile is an aggregate of risk exposures for the CRA and SSC; given the risks associated with a large-scale change of service providers, it is expected that the risk exposures have increased.

Managing the Provision of IT Services

| Control | Description | Potential Risk Exposure |
| --- | --- | --- |
| DS1.1 Service Level Management Framework | Define a framework that provides a formalized service level management process between the customer and service provider. The framework should maintain continuous alignment with business requirements and priorities and facilitate common understanding between the customer and provider(s). | |
| DS2.1 Identification of All Supplier Relationships | Identify all supplier services, and categorize them according to supplier type, significance and criticality. Maintain formal documentation of technical and organizational relationships covering the roles and responsibilities, goals, expected deliverables, and credentials of representatives of these suppliers. | |
| DS1.2 Definition of Services | Base definitions of IT services on service characteristics and business requirements. Ensure that they are organized and stored centrally via the implementation of a service catalogue portfolio approach. | |
| DS2.2 Supplier Relationship Management | Formalize the supplier relationship management process for each supplier. The relationship owners should liaise on customer and supplier issues and ensure the quality of the relationship based on trust and transparency (e.g., through SLAs). | |
| DS2.3 Supplier Risk Management | Identify and mitigate risks relating to suppliers' ability to continue effective service delivery in a secure and efficient manner on a continual basis. Ensure that contracts conform to universal business standards in accordance with legal and regulatory requirements. | |
| DS1.3 Service Level Agreements | Define and agree to SLAs for all critical IT services based on customer requirements and IT capabilities. This should cover customer commitments; service support requirements; quantitative and qualitative metrics for measuring the service signed off on by the stakeholders; funding and commercial arrangements. | |

Performance Measurement

| Control | Description | Potential Risk Exposure |
| --- | --- | --- |
| PO5.1 Financial Management Framework | Establish and maintain a financial framework to manage the investment and cost of IT assets and services through portfolios of IT enabled investments, business cases and IT budgets. | |
| PO5.4 Cost Management | Implement a cost management process comparing actual costs to budgets. Costs should be monitored and reported. Where there are deviations, these should be identified in a timely manner and the impact of those deviations on programs should be assessed. | |
| PO5.5 Benefit Management | Implement a process to monitor the benefits from providing and maintaining appropriate IT capabilities. IT's contribution to the business, either as a component of IT-enabled investment programs or as part of regular operational support, should be identified and documented in a business case, agreed to, monitored and reported. | |
| ME1.1 Monitoring Approach | Establish a general monitoring framework and approach to define the scope, methodology and process to be followed for measuring IT's solution and service delivery, and monitor IT's contribution to the Agency. Integrate the framework with the corporate performance management system. | |
| DS1.5 Monitoring and Reporting of Service Level Achievements | Continuously monitor specified service level performance criteria. Reports on achievement of service levels should be provided in a format that is meaningful to the stakeholders. The monitoring statistics should be analysed and acted upon to identify negative and positive trends for individual services as well as for services overall. | |
| ME4.3 Value Delivery | Manage IT-enabled investment programs and other IT assets and services to ensure that they deliver the greatest possible value in supporting the enterprise's strategy and objectives. | |

Legend: Risks have increased; Risk exposures remain the same

[3] Based on Cobit 4.1, Information Systems Audit and Control Association (ISACA).
Creating and Maturing a Service Catalog By Wendy Kuhn and Pam Erskine Third Sky, Inc. Introduction Developing a service catalog can seem like a simple marketing and communications activity or a daunting
More informationDigital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager
Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with
More informationPrivate Certification to Inform Regulatory Risk-Based Oversight: Discussion Document
Private Certification to Inform Regulatory Risk-Based Oversight: Discussion Document 1 Table of Contents INTRODUCTION... 3 BACKGROUND... 3 PRIVATE CERTIFICATION SCHEMES VS. REGULATORY STANDARDS... 3 PRIVATE
More informationBC IMMIGRANT INVESTMENT FUND LTD. 2015/16 2017/18 SERVICE PLAN
BC IMMIGRANT INVESTMENT FUND LTD. 2015/16 2017/18 SERVICE PLAN For more information on the BC Immigrant Investment Fund (BCIIF) contact: BCIIF Suite 301 865 Hornby Street Vancouver, BC V6Z 2G3 Shauna Turner,
More informationThe Role of the Board in Enterprise Risk Management
Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance
More informationbuilding and sustaining productive working relationships p u b l i c r e l a t i o n s a n d p r o c u r e m e n t
building and sustaining productive working relationships p u b l i c r e l a t i o n s a n d p r o c u r e m e n t INTRODUCTION 1 1 THE GROWING INFLUENCE OF PROCUREMENT PROFESSIONALS 2 2 GUIDELINES FOR
More informationBusiness Architecture Scenarios
The OMG, Business Architecture Special Interest Group Business Architecture Scenarios Principal Authors William Ulrich, President, TSG, Inc. Co chair, OMG BASIG wmmulrich@baymoon.com Neal McWhorter, Principal,
More informationTable of Contents PERFORMANCE REVIEWS STRATEGIC REVIEWS
SECTION 270 PERFORMANCE AND STRATEGIC REVIEWS Table of Contents 270.1 To which agencies does this section apply? 270.2 What is the purpose of this section? PERFORMANCE REVIEWS 270.3 What is the purpose
More informationOffice of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit
Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit Consumer Financial Protection Bureau September 2012 September 28, 2012 MEMORANDUM TO: FROM: SUBJECT:
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationSummary of Submissions Received on the Consultation on Strengthening Statutory Payment Oversight Powers and the Reserve Bank s Responses
Summary of Submissions Received on the Consultation on Strengthening Statutory Payment Oversight Powers and the Reserve Bank s Responses October 2013 2 SECTION ONE: INTRODUCTION 1. In March 2013, the Reserve
More informationValue to the Mission. FEA Practice Guidance. Federal Enterprise Architecture Program Management Office, OMB
Value to the Mission FEA Practice Guidance Federal Enterprise Program Management Office, OMB November 2007 FEA Practice Guidance Table of Contents Section 1: Overview...1-1 About the FEA Practice Guidance...
More informationAudit of Accounts Receivable. Internal Audit Report
Audit of Accounts Receivable Internal Audit Report July 2011 Table of Contents Executive Summary....3 1.0 Introduction... 5 1.1 Background... 5 1.2 Risk Assessment...6 1.3 Audit Objectives and Scope...
More informationBusiness Plan 2014-2015
Business Plan 2014-2015 Table of Contents RHRA Corporate Overview Profile 1 Vision, Mission, Mandate and Values 1 Strategic Priorities and Business Planning Overview 2 Fiscal Year 2014-15 Activities and
More informationWilhelmenia Ravenell IT Manager Eli Lilly and Company
Wilhelmenia Ravenell IT Manager Eli Lilly and Company Agenda Introductions The Service Management Framework Keys of a successful Service management transformation Why transform? ROI and the customer experience
More informationMGMT 4135 Project Management. Chapter-16. Project Oversight
MGMT 4135 Project Management Chapter-16 Project Oversight Project Oversight: defined as a set of principles and processes to guide and improve the management of projects. Ensures projects meet the needs
More informationAUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL
AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY
More informationEssentials to Building a Winning Business Case for Tax Technology
Essentials to Building a Winning Business Case for Tax Technology The complexity of the tax function continues to evolve beyond manual and time-consuming processes. Technology has been essential in managing
More informationOffice of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015
Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...
More informationCore Monitoring Guide
Core Monitoring Guide April 2005 eta UNITED STATES DEPARTMENT OF LABOR EMPLOYMENT AND TRAINING ADMINISTRATION Core Monitoring Guide April 2005 United States Department of Labor Employment and Training
More informationFinancial Services FINANCIAL SERVICES UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN. CR_2215 Attachment 1
CR_2215 Attachment 1 Financial Services FINANCIAL SERVICES & UTILITIES 57 FINANCIAL SERVICES AND UTILITIES 2016-2018 BUSINESS PLAN Acting Branch Manager: Stacey Padbury Table of Contents INTRODUCTION Our
More informationEnterprise Performance Life Cycle Management. Guideline
Enterprise Performance Life Cycle Management Guideline Version 2.1 PREPARED BY THE ENTERPRISE PROGRAM MANAGEMENT OFFICE MAY 2011 Table of Contents Document Control...i 1. Introduction... 2 1.1 Purpose...
More informationOffice of Information Technology. County of Dallas FY2014 FY2018 Information Technology Strategic Plan
Office of Information Technology County of Dallas Letter from the Office of Information Technology This Information Technology Strategic Plan is the culmination of hard work and collaboration by County
More informationAudit of IT Asset Management Report
Audit of IT Asset Management Report Recommended by the Departmental Audit Committee for approval by the President on Approved by the President on September 4, 2012 e-doc : 3854899 1 Table of Contents EXECUTIVE
More informationAudit of Financial Management Governance. Audit Report
Audit of Financial Management Governance Audit Report March 2015 TABLE OF CONTENTS Executive Summary... 2 What we examined... 2 Why it is important... 2 What we found... 2 Background... 4 Objective...
More informationBeyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist
Beyond Mandates: Getting to Sustainable IT Governance Best Practices Steve Romero PMP, CISSP, CPM IT Governance Evangelist Agenda > IT Governance Definition > IT Governance Principles > IT Governance Decisions
More informationWhite Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard
White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard Abstract: This white paper outlines the ITIL industry best practices methodology and discusses the methods in
More informationIT Security Risk Management: A Lifecycle Approach
Information Technology Security Guidance IT Security Risk Management: A Lifecycle Approach Departmental IT Security Risk Management Activities ITSG-33 Annex 1 November 2012 Foreword Annex 1 (Departmental
More informationOFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management
OFFICE OF THE PRIVACY COMMISSIONER OF CANADA Audit of Human Resource Management May 13, 2010 Prepared by the Centre for Public Management Inc. TABLE OF CONTENTS 1.0 Executive Summary... 2 2.0 Background...
More informationData Communications Company (DCC) price control guidance: process and procedures
Guidance document Contact: Tricia Quinn, Senior Economist Publication date: 27 July 2015 Team: Smarter Metering Email: tricia.quinn@ofgem.gov.uk Overview: The Data and Communications Company (DCC) is required
More informationLinking Risk Management to Business Strategy, Processes, Operations and Reporting
Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles
More informationU.S. Nuclear Regulatory Commission
U.S. Nuclear Regulatory Commission 2011 Data Center Consolidation Plan and Progress Report Version 2.0 September 30, 2011 Enclosure Contents 1 Introduction... 2 2 Agency Goals for Data Center Consolidation...
More informationEXECUTIVE SUMMARY...5
Table of Contents EXECUTIVE SUMMARY...5 CONTEXT...5 AUDIT OBJECTIVE...5 AUDIT SCOPE...5 AUDIT CONCLUSION...6 KEY OBSERVATIONS AND RECOMMENDATIONS...6 1. INTRODUCTION...9 1.1 BACKGROUND...9 1.2 OBJECTIVES...9
More informationIT Standards & Contract Management
Appendix F IT Standards & Table of Contents Vision of Action... 2 Background... 3 Goals and Objectives... 4 Projects... 5 Metrics and Measures... 6 F IT Standards & Carol Steffanni Director, MDIT Bureau
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationInternal Audit Manual
Internal Audit Manual Version 1.0 AUDIT AND EVALUATION SECTOR AUDIT AND ASSURANCE SERVICES BRANCH INDIAN AND NORTHERN AFFAIRS CANADA April 25, 2008 #933907 Acknowledgements The Institute of Internal Auditors
More informationINVESTMENT PLANNING AND PRIORITY SETTING: Management Approaches to Resource Allocation
INVESTMENT PLANNING AND PRIORITY SETTING: Management Approaches to Resource Allocation Treasury Board Secretariat: Mel Thompson : Catherine Ella, P Eng, PMP Speakers Mel Thompson is the Principal Analyst
More informationYour asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.
Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells
More informationPRINCIPLES FOR PERIODIC DISCLOSURE BY LISTED ENTITIES
PRINCIPLES FOR PERIODIC DISCLOSURE BY LISTED ENTITIES Final Report TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2010 CONTENTS Chapter Page 1 Introduction 3 Uses
More informationCITY OF VAUGHAN EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 17, 2015
EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 17, 2015 Item 3, Report No. 5, of the Finance, Administration and Audit Committee, which was adopted without amendment by the Council of the City of Vaughan
More informationSITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre
SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service
More informationPrinciples for An. Effective Risk Appetite Framework
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
More informationCombine ITIL and COBIT to Meet Business Challenges
Combine ITIL and COBIT to Meet Business Challenges By Peter Hill, Director, IT Governance Network, and Ken Turbitt, Best Practices Director, BMC Software BEST PRACTICES WHITE PAPER Table of Contents ABSTRACT...
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationENTERPRISE PROJECT MANAGEMENT OFFICE
ENTERPRISE PROJECT MANAGEMENT OFFICE QUALITY MANAGEMENT SYSTEM ISO 9001:2008 STATE CHIEF INFORMATION OFFICER CHRIS ESTES DEPUTY STATE CHIEF INFORMATION OFFICER AARON WIENSHIENK DEPARTMENT MANAGER JAMES
More informationAboriginal Affairs and Northern Development Canada. Internal Audit Report
Aboriginal Affairs and Northern Development Canada Internal Audit Report Management Practices Audit of the Human Resources and Workplace Services Branch Prepared by: Audit and Assurance Services Branch
More informationAudit of the Financial Management Control Framework - Revenue
N A T I O N A L R E S E A R C H C O U N C I L C A N A D A Audit of the Financial Management Control Framework - Revenue I n t e r n a l A u d i t, N R C N O V E M B E R 2011 1.0 Executive Summary and
More informationSkatteudvalget 2014-15 (2. samling) SAU Alm.del Bilag 48 Offentligt. Programme, Project & Service Management Analysis
Skatteudvalget 2014-15 (2. samling) SAU Alm.del Bilag 48 Offentligt Programme, Project & Service Management Analysis Table of Content 1 Executive Summary... 3 1.1 Scope of Work... 3 1.2 Methodology for
More informationBUSINESS PLAN 2013-2016. Library and Archives Canada
BUSINESS PLAN 2013-2016 Library and Archives Canada Catalogue No.: SB1-6/2013E-PDF ISSN: 2292-0021 Business plan (Library and Archives Canada) Aussi offert en français sous le titre : Plan d affaires 2013-2016
More informationApplying Integrated Risk Management Scenarios for Improving Enterprise Governance
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used
More informationNew York ehealth Collaborative
New York ehealth Collaborative Policy and Governance Structure January 2012 0 Table of Contents Executive Summary 2-4 Introduction 5-6 Achieving Statewide Interoperability Goals 7-8 SHIN-NY Governance
More informationintegrate 2: Business Process Redesign
Nevada System of Higher Education integrate 2: Business Process Redesign Executive Summary TABLE OF CONTENTS I. BACKGROUND AND OBJECTIVES 2 II. METHODOLOGY AND APPROACH 3 III. PROJECT OUTCOMES 5 IV. MAJOR
More informationAdoption of a PPM Solution Using An Agile Approach. Andy Robinson
Adoption of a PPM Solution Using An Agile Approach Andy Robinson 1 Agenda Drivers for using a Portfolio and Project Management system Organisational maturity Where to start Planning, delivery, realisation
More informationCSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.
Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1
More informationAudit of the UNESCO Data Center. Internal Oversight Service. Contributors: Sameer Pise Prashant Sharma. IOS/AUD/2010/09 Original: English.
Independent auditor report on the result of the UNESCO s Data Center Audit 1 Internal Oversight Service IOS/AUD/2010/09 Original: English Audit of the UNESCO Data Center June 2010 Contributors: Sameer
More informationSmall Business. Leveraging SBA IT resources to support America s small businesses
Small Business Administration Information Technology Strategic Plan ( ITSP) 2012-2016 Leveraging SBA IT resources to support America s small businesses Message from the Chief Information Officer The Small
More informationTransit Asset Management MBTA Initiatives
Transit Asset Management MBTA Initiatives Standing Committee on Audit and Finance March 3, 2015 1 Agenda TAM overview MAP 21 requirements MBTA TAM initiatives: Asset Management Plan Decision Support Tool
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationSTRATEGIC PLAN. Responsible Regulation in a Dynamic Environment
STRATEGIC PLAN Responsible Regulation in a Dynamic Environment Vision Framework MFDA Members and their Approved Persons provide the most accessible advice-driven distribution model to retail investors
More informationInformation Management and Office Systems Advancement
48 11. CASE STUDIES: NATIONAL GOVERNMENTS Information Management and Office Systems Advancement (IMOSA) - An Overview - by John McDonald, Director Information Management Standards and Practices, Government
More informationAudit of Project Management Governance. Audit Report
Audit of Project Management Governance Audit Report March 2015 TABLE OF CONTENTS Executive Summary... 3 What we examined... 3 Why it is important... 3 What we found... 3 Background... 5 Objective... 6
More informationCOMPREHENSIVE ASSET MANAGEMENT STRATEGY
COMPREHENSIVE ASSET MANAGEMENT STRATEGY APPROVED BY SENIOR MANAGEMENT COMMITTEE ON AUGUST 23, 2012 (TO BE FINALIZED AFTER APPROVAL OF CAM POLICY BY COUNCIL) August 2012 Contents CONTENTS EXECUTIVE SUMMARY
More informationInternal Audit of the Sport Canada Hosting Program
Internal Audit of the Sport Canada Hosting Program Office of the Chief Audit and Evaluation Executive November 2009 Table of Contents Executive Summary...i 1. Introduction and Context...1 1.1 Authority
More informationITSM 101. Patrick Connelly and Sandeep Narang. Gartner. www.it.ufl.edu
ITSM 101 Patrick Connelly and Sandeep Narang Gartner 1 IT Service Management 101 Agenda What is IT Service Management? Why is IT Service Management Important? Speaking a Common Language: Overview of Key
More informationSUPPLY CHAIN & PROCUREMENT INSIGHTS REPORT CANADA, ARE WE FALLING BEHIND?
GRAND & TOY 2012 SUPPLY CHAIN & PROCUREMENT INSIGHTS REPORT CANADA, ARE WE FALLING BEHIND? Research conducted by TABLE OF CONTENTS Overview... 3 Procurement Tactically Focused but Evolving...4 Communication
More informationHow To Integrate Hr
Houston Compensation & Benefits Post-Deal Integration Planning for Compensation & Benefits Wednesday, April 22, 2015 Agenda Deal Timeline/Background Integration of Compensation and Benefits Medical/Retirement
More informationDepartment of Finance. Strategic Plan 2011-2014. A vibrant and self-reliant economy and prosperous people.
Department of Finance Strategic Plan 2011-2014 A vibrant and self-reliant economy and prosperous people. Department of Finance 2009-10 Annual Report 1 Department of Finance P.O. Box 8700, Confederation
More information