Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15
|
|
- Polly York
- 8 years ago
- Views:
Transcription
1 Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management Final Report FU01 14/15 11 November 2014
2 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 4 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 5 10 APPENDIX RESPECTIVE RESPONSIBILITIES OF MANAGEMENT AND 11 INTERNAL AUDIT 11 November 2014
3 SECTION 1 EXECUTIVE SUMMARY Introduction 1.01 This follow up report has been prepared for the Comhairle s Audit & Scrutiny Committee. The original report advised of a number of recommendations made in Document Management report which was issued on 10 th December The follow up review was undertaken in accordance with the operational annual internal audit plan for 2014/15. Internal audit objective 1.02 Following up internal audit reports and assessing the level of compliance with recommendations made is an important part of the internal audit function In accordance with the remit detailed in the operational annual internal audit plan for 2014/15, our internal audit work was designed to obtain assurance that the original recommendations have been implemented. We obtained this assurance through internal audit testing and undertaking discussions with key personnel The main recommendations in the original report were: - The Public Records (Scotland) Act 2011(PRSA) came into force on the 1 st January The PRSA requires the Comhairle to prepare and submit a five year Records Management Plan (RMP) to the Keeper for approval. Although work has started on this task, the Keeper will invite each named authority to submit a plan within a period of 6 month from date of notice; A comprehensive document management policy be updated outlining the key requirement of applicability, roles and responsibilities, regulatory environment and monitoring; and Appropriate storage facilities are used by departments which reflect the level of security and water/fire proofing that may be required. 11 November
4 SECTION 1 EXECUTIVE SUMMARY (CONTINUED) Detailed findings 1.05 The current status of progress against the original recommendations can be summarised as follows:- Key to status Fully implemented;, although further work is required to meet the objective of the recommendation; or Insufficient progress to date. Recommendation Action to Date Status A comprehensive document management policy be updated outlining the key requirement of applicability, roles and responsibilities, regulatory environment and monitoring. This policy should flow from the findings of the current crossdepartment review taking place. Any Records Management Policy implemented should cover paper, faxes, internet and intranet information. A Records Management Policy be introduced which covers training requirements for new and existing staff. All existing staff should receive appropriate information security and data management training. Training in information security and data management should take place as part of the induction training for all new staff. Regular information updates should be advised to staff on a regular basis and where significant changes are identified specific training is rolled out to all staff. 11 November
5 SECTION 1 EXECUTIVE SUMMARY (CONTINUED) Recommendation Action to Date Status The Comhairle s Management Team need to take forward policies and procedures which provide consistency of approach, and are implemented within departments and monitored to assess compliance. Fully implemented A statement in relation to third party operatives who could access data be covered in a document management policy. The document management policy outlines security requirements, prohibited activities and the requirement to sign up to this requirement either within a contract or a declaration in short term instances. A communications classification system (Protective Marking) be introduced which complies with best practice. Insufficient progress to date Appropriate training and advice is given to all staff in the use of classification frameworks. A corporate approach covering document management must be progressed as a matter of priority given that sufficient notice was given to all public bodies of their statutory duties to comply. Insufficient progress to date A RMP be produced which meets the 14 best practice areas as defined by the Keeper and is implemented and lodged as per the Act. A standard is set in terms of data security and disposal of waste through shredding and confidential waste disposal throughout the Comhairle and which meet BS15713 (The secure destruction of confidential material). Any such guidance should also identify the minimum security grade of office shredders. A corporate process and associated procedures be implemented which take bulk confidential waste off site for disposal. 11 November
6 SECTION 1 EXECUTIVE SUMMARY (CONTINUED) Recommendation Action to Date Status Corporate protocols and instructions should be agreed which covers manual records and security of files when not in use or are visible to nonauthorised staff and visitors. A comprehensive IT asset register be maintained and reviewed periodically in terms of update to identify that all assets that should be held are still within the control of the Comhairle or have been disposed off using the approved method. Appropriate storage facilities are used by departments which reflect the level of security and water/fire proofing that may be required. Insufficient progress to date Insufficient progress to date Concluding remarks 1.06 From our follow up testing, we note that out of the 18 follow up recommendations made in the original follow up report 1 appears to have been fully implemented, and management have confirmed that the remaining recommendations will be implemented by June For Comhairle nan Eilean Siar Internal Audit Services Internal Audit Comhairle nan Eilean Siar Council s Sandwick Road Stornoway 11 November November
7 SECTION 2 DETAILED FINDINGS 2.1 A comprehensive document management policy be updated outlining the key requirement of applicability, roles and responsibilities, regulatory environment and monitoring. This policy should flow from the findings of the current crossdepartment review taking place. This has been drafted to reflect terms of the Act; still in progress. To be finalised and approved. Review March 2015 Any Records Management Policy implemented should cover paper, faxes, internet and intranet information. As above As above 11 November
8 SECTION 2 DETAILED FINDINGS (CONTINUED) 2.2 A Records Management Policy be introduced which covers training requirements for new and existing staff. All existing staff should receive appropriate information security and data management training. Training in information security and data management should take place as part of the induction training for all new staff. / HR (all) Once Policy documentation has been finalised and approved, then roll out of training will follow to all relevant staff. We are advised by the Business Development Manager that information security and Data Protection training is included in all induction training and Data Protection training is available as an in-house training course for all employees. In addition, the IT and Customer Services purchased an e-learning training course in Information Security for all employees. Review in June 2015 Regular information updates should be advised to staff on a regular basis and where significant changes are identified specific training is rolled out to all staff. 11 November
9 SECTION 2 DETAILED FINDINGS (CONTINUED) 2.3 The Comhairle s Management Team need to take forward policies and procedures which provide consistency of approach, and are implemented within departments and monitored to assess compliance. Chief & CMT January 14 Management Team have approved reports from the former archivist at Working Group. Done and ongoing. 2.4 A statement in relation to third party operatives who could access data be covered in a document management policy. Draft policy in progress. Completion and approval of policy Review March 2015 The document management policy outlines security requirements, prohibited activities and the requirement to sign up to this requirement either within a contract or a declaration in short term instances. As above. As above. 11 November
10 SECTION 2 DETAILED FINDINGS (CONTINUED) A communications classification system (Protective Marking) be introduced which complies with best practice. Appropriate training and advice is given to all staff in the use of classification frameworks. IT and Customer Services July14 IT and Customer Services/ Head of HR July 14 A report was approved by CMT in April this year recommending that: a) a tender exercise be undertaken to determine the most cost effective option that meets the Comhairle s requirements and; b) the proposed classification categories are approved for use in the Comhairle. Nothing further has been done as resources were redirected to PSN compliance. Revised target will be end June Implementation of the recommendations. A corporate approach covering document management must be progressed as a matter of priority given that sufficient notice was given to all public bodies of their statutory duties to comply. A RMP be produced which meets the 14 best practice areas as defined by the Keeper and is implemented and lodged as per the Act. The working group will take forward archivists recommendations. Records Management Policy in progress. Completion and approval of policy Review March As above. 11 November
11 SECTION 2 DETAILED FINDINGS (CONTINUED) 2.7 A standard is set in terms of data security and disposal of waste through shredding and confidential waste disposal throughout the Comhairle and which meet BS15713 (The secure destruction of confidential material). Any such guidance should also identify the minimum security grade of office shredders. (All) Documentation in draft form and will be progressed shortly. Completion and approval of policy Review March A corporate process and associated procedures be implemented which take bulk confidential waste off site for disposal. As above. As Above. 2.8 Corporate protocols and instructions should be agreed which covers manual records and security of files when not in use or are visible to non-authorised staff and visitors. Documentation in draft form and will be progressed shortly. Completion and approval of policy Review March November
12 SECTION 2 DETAILED FINDINGS (CONTINUED) 2.9 A comprehensive IT asset register be maintained and reviewed periodically in terms of update to identify that all assets that should be held are still within the control of the Comhairle or have been disposed off using the approved method. IT and Customer Services July14 Nothing further has been done as resources were redirected to PSN compliance. Revised target will be end June Implementation of the recommendations Appropriate storage facilities are used by departments which reflect the level of security and water/fire proofing that may be required. Assets & Infrastructure Enhanced storage facilities have been made available to Departments at Marybank Depot. These include secure and general storage. Procedures have been put in place to ensure that documents are stored in appropriate containers and labelled correctly. The enhanced facilities do not necessarily provide the highest level of fire security as the existing building has limitations, however are a practicable step towards more appropriate storage facilities. Develop a corporate strategy and understanding of storage requirements which will provide direction to future asset provision. 11 November
13 APPENDIX: RESPECTIVE RESPONSIBILITIES OF MANAGEMENT AND INTERNAL AUDIT Internal controls It is the responsibility of Comhairle management to maintain adequate and effective financial systems and to arrange for a system of internal controls. Our responsibility as internal auditors is to evaluate significant financial systems and associated internal controls and to report to the Audit Committee on the appropriateness of such systems and controls. In practice, we cannot examine every financial activity and accounting procedure and we cannot substitute for management s responsibility to maintain adequate systems of internal controls over financial systems. We therefore may not identify all the weaknesses that exist in that regard. Fraud and corruption The prime responsibility for the prevention and detection of fraud and irregularities rests with Comhairle management. They also have a duty to take reasonable steps to limit the opportunity for corrupt practices. It is our responsibility to review the adequacy of these arrangements, but our work does not remove the possibility that fraud, corruption or irregularity may have occurred and remained undetected. We nevertheless endeavour to plan our audit so that we have a reasonable expectation of detecting material fraud, but our examination should not be relied upon to disclose all such material frauds as may exist. 11 November
Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing Final Report FU16 12/13 09 October 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 2 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Final Report FU17 12/13 30 th May 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4 7 30
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14
Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements Final Report FU01 13/14 INTERNAL AUDIT FOLLOW UP REPORT CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators. Final Report FU20 11/12
Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators Final Report FU20 11/12 14 th August 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15
Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06
Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20
Comhairle nan Eilean Siar Internal Audit Review Final Report 12/13-20 8 th January 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4-9 SECTION 3 -
More informationComhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department. Final Report 2014/15-21
Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department Final Report 2014/15-21 4 th November 2014 PROJECT MANAGEMENT & PROJECT DELIVERY CONTENTS
More informationComhairle nan Eilean Siar Internal Audit Review MANAGEMENT OF SICKNESS ABSENCES. Final Report 2013/14-18
Comhairle nan Eilean Siar Internal Audit Review Final Report 2013/14-18 01 st July 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-8 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 9-27 SECTION 3
More informationComhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22
Comhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22 3 rd June 2015 3 rd June 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS
More informationPublic Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report
Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)
More informationRecords Management plan
Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland
More informationGovernance and Audit Committee 23 November 2015
Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on
More informationPublic Records (Scotland) Act 2011. Fife NHS Board Assessment Report. The Keeper of the Records of Scotland. 27 September 2013.
Public Records (Scotland) Act 2011 Fife NHS Board Assessment Report The Keeper of the Records of Scotland 27 September 2013 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary... 3
More informationColeg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:
Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director
More informationColeg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:
Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation
More informationDraft Internal Audit Report Software Licensing Audit. December 2009
Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement
More informationDacorum Borough Council Final Internal Audit Report
Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service
More informationAnnual Report of Internal Audit 2012/13
Open Decision Item 4 Audit & Governance Committee 19 th June 2013 Annual Report of Internal Audit 2012/13 SYNOPSIS To report on Internal Audit s opinion of the overall adequacy and effectiveness of the
More informationCHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT
CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives
More information1.1 Terms of Reference Y P N Comments/Areas for Improvement
1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational
More informationFood Standards Agency in Scotland
in Scotland Report on the Audit of Local Authority Assessment of Regulation (EC) No 852/2004 on the Hygiene of Foodstuffs in Food Business Establishments Comhairle nan Eilean Siar 21-23 November 2011 Foreword
More informationPractice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM
October 2010 Practice Note 10 (Revised) AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM The Auditing Practices Board (APB) is one of the operating bodies of the Financial Reporting
More informationPublic Records (Scotland) Act 2011. City of Edinburgh Council and Licensing Board Assessment Report. The Keeper of the Records of Scotland
Public Records (Scotland) Act 2011 City of Edinburgh Council and Licensing Board Assessment Report The Keeper of the Records of Scotland 23 June 2016 Contents 1. Public Records (Scotland) Act 2011... 3
More informationInforming the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013
Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents
More informationAgency Board Meeting 28 July 2015
SEPA 22/15 Agency Board Meeting 28 July 2015 Report Number: SEPA 22/15 Audit Committee Annual Performance Report 2014-2015 Summary: Risks: Resource and Staffing Implications Equalities: Environmental and
More informationAudit and Performance Committee Report
Audit and Performance Committee Report Date: 3 February 2016 Classification: Title: Wards Affected: Financial Summary: Report of: Author: General Release Maintaining High Ethical Standards at the City
More informationHow To Write A Criminal Justice Plan For The Western Ireland
Comhairle nan Eilean Siar Social Work Department Criminal Justice Service Plan 2008-11 1 INTRODUCTION Comhairle nan Eilean Siar Criminal Justice Service provides services, such as, Supervision of offenders
More informationStates of Jersey Comptroller & Auditor General
States of Jersey Comptroller & Auditor General Code of Audit Practice (Prepared under Article 18 of the Comptroller and Auditor General (Jersey) Law 2014) 28 November 2014 Foreword Independent external
More informationInternal Audit Charter. Version 1 (7 November 2013)
Version 1 (7 November 2013) CONTENTS Details Page EXECUTIVE SUMMARY... 2 1. BACKGROUND... 3 10. PSIAS REQUIREMENTS... 3 12. DEFINITION OF THE CHIEF AUDIT EXECUTIVE (CAE)... 4 14. DEFINITION OF THE BOARD...
More informationRecords Management & Data Quality in the Contact Centre. Internal Audit Report 2013/14
Records Management & Data Quality in the Report 2013/14 Records Management & Data Quality in the Ann Kirk & Julie Ball 19 May 2014 Contents Audit: Auditor: Records Management & Data Quality in the Ann
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationAnnual Governance Statement
Annual Governance Statement 2014/15 1 Fareham Borough Council Civic Offices, Civic Way, Fareham PO16 7AZ Scope of Responsibility Fareham Borough Council is responsible for ensuring that its business is
More informationSchedule 13 - NHS Counter Fraud and Security
1. In this Schedule 13: Schedule 13 - NHS Counter Fraud and Security 1.1 CFSMS means the Special Health Authority established by the Counter Fraud and Security Management Service (Establishment and Constitution
More informationAberdeen City Council IT Asset Management
Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationStatement of responsibilities of auditors and audited bodies: Local authorities, NHS bodies and small authorities.
Statement of responsibilities of auditors and audited bodies: Local authorities, NHS bodies and small authorities. 1. This statement serves as the formal terms of engagement between appointed auditors
More informationInformation Governance Incorporating the Records Management Plan
Information Governance Incorporating the Records Management Plan Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to
More informationCorporate Records Management Policy
Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management
More informationLONDON BOROUGH OF HARROW. Overview & Scrutiny Committee
LONDON BOROUGH OF HARROW Meeting: Overview & Scrutiny Committee Date: 27 April 2004 Subject: Internal Audit Plan 2004/05 Key Decision: Responsible Chief Officer: No Executive Director, Business Connections
More informationInternal audit report Information Security / Data Protection review
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
More informationArgyll, Bute and Dunbartonshires Criminal Justice Social Work Partnership Joint Committee
INFRASTRUCTURE, GOVERNMENT & HEALTHCARE Argyll, Bute and Dunbartonshires Criminal Justice Social Work Partnership Joint Committee Annual audit report to the members of the Joint Committee and the Controller
More informationChildren & Families Services Plan
Comhairle nan Eilean Siar Social Work Department Children & Families Services Plan 2008-11 1 INTRODUCTION Comhairle nan Eilean Siar Children & Families Services provide services to children, young people
More informationHEALTH SERVICE EXECUTIVE NATIONAL FINANCIAL REGULATION LEASE AND RENTAL ARRANGEMENTS NFR-30
HEALTH SERVICE EXECUTIVE NATIONAL FINANCIAL REGULATION LEASE AND RENTAL ARRANGEMENTS NFR-30 Ver 2.0 20/12/2013 1 NFR-30 LEASE AND RENTAL ARRANGEMENTS 30.1 Introduction on page 3 30.2 Purpose on page 3
More informationReview of housing benefit overpayments 2008/09 to 2011/12
Review of housing benefit overpayments 2008/09 to 2011/12 Prepared by Audit Scotland January 2013 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability (Scotland)
More informationAudit, Business Risk and Compliance Committee Charter. Spotless Group Holdings Limited ACN 154 229 562
Audit, Business Risk and Compliance Committee Charter Spotless Group Holdings Limited ACN 154 229 562 Adopted by the Company board on 26 March 2014 Contents Page 1 Role and authority of the Audit, Business
More informationStatement of responsibilities of auditors and audited small bodies
Statement of responsibilities of auditors and audited small bodies The Audit Commission is a public corporation set up in 1983 to protect the public purse. The Commission appoints auditors to councils,
More informationRolls Royce s Corporate Governance ADOPTED BY RESOLUTION OF THE BOARD OF ROLLS ROYCE HOLDINGS PLC ON 16 JANUARY 2015
Rolls Royce s Corporate Governance ADOPTED BY RESOLUTION OF THE BOARD OF ROLLS ROYCE HOLDINGS PLC ON 16 JANUARY 2015 Contents INTRODUCTION 2 THE BOARD 3 ROLE OF THE BOARD 5 TERMS OF REFERENCE OF THE NOMINATIONS
More informationCambridgeshire and Peterborough Fire Authority. Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014
Cambridgeshire and Peterborough Fire Authority Internal Audit Progress Report Overview & Scrutiny Committee meeting 16 October 2014 Cambridgeshire & Peterborough Fire Authority 1 Introduction This report
More informationFinancial Management Framework >> Overview Diagram
June 2012 The State of Queensland (Queensland Treasury) June 2012 Except where otherwise noted you are free to copy, communicate and adapt this work, as long as you attribute the authors. This document
More informationRecords Management Plan. April 2015
Records Management Plan April 2015 Prepared in accordance with the Public Records (Scotland) Act 2011 and submitted to the Keeper of the Records of Scotland for their agreement on 28 April 2015 (Revised
More informationCardiff Council. Data protection audit report. Executive summary June 2014
Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998
More informationPerth & Kinross Council. Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08. External Audit Report No: 2008/01
Perth & Kinross Council Risk Assessment, Annual Audit Plan and Fee Proposal for 2007/08 External Audit Report No: 2008/01 Draft Issued: 11 February 2008 Final Issued: 29 February 2008 Contents Page Page
More informationThe Scrutiny Panel heard from Fiona Kordiak, Audit Scotland, the Council s auditors and the Director of Finance.
+ ED I N BVRG H + THE CITY OF EDINBURGH COUNCIL Item no \8 External Audit Reports Received Executive of the Council 16 December 2003 Purpose of report 1 To refer a recommendation arising from consideration
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationAppendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit
Appendix C Accountant in Bankruptcy Annual report on the 2013/14 audit Prepared for Accountant in Bankruptcy and the Auditor General for Scotland 6 August 2014 Audit Scotland is a statutory body set up
More informationCOMPLIANCE FRAMEWORK AND REPORTING GUIDELINES
COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:
More informationAnnual Governance Statement 2013/14
31 Annual Governance Statement 2013/14 1. SCOPE OF RESPONSIBILITY ESPO is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money
More informationSenate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University
SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee
More informationItem 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010
Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page
More informationWest Dunbartonshire Council. Follow-up data protection audit report
West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information
More informationDepute Chief Executive Resources & People Services. Internal Audit Report Fleet Management
REPORT TO: Audit and Governance Committee MEETING DATE: 20 January 2015 BY: SUBJECT: Depute Chief Executive Resources & People s Internal Audit Report Fleet Management 1 PURPOSE 1.1 To inform the Audit
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 21/09/2015 HSCIC Audit of Data Sharing
More informationAberdeen City Council IT Governance
Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or
More informationFREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT
FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information
More informationCouncil Policy. Records & Information Management
Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant
More informationNHS COUNTER-FRAUD AND SECURITY MANAGEMENT
Restricted Appendix 17 Adult and Community Services County Hall, Colliton Park Dorchester Dorset DT1 1XJ Direct Line: 01305 22 Fax: 01305 224325 Minicom: 01305 267933 We welcome calls via text Relay NHS
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationCentral London Community Healthcare NHS Trust. Data protection audit report
Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationInternal Audit Strategic and Annual Plans 2015/16
Internal Audit Strategic and Annual Plans 2015/16 Financial Scrutiny and Audit Committee 10 February 2015 Agenda Item No 8 Summary: This report provides an overview of the stages followed prior to the
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationWEST LOTHIAN COLLEGE
WEST LOTHIAN COLLEGE ANNUAL REPORT TO THE BOARD OF GOVERNORS AND THE AUDITOR GENERAL FOR SCOTLAND ON THE EXTERNAL AUDIT FOR THE YEAR ENDED 31 JULY 2006 DECEMBER 2006 Wylie & Bisset Date of commencement
More informationSTATEMENT OF HEALTH AND SAFETY POLICY
STATEMENT OF HEALTH AND SAFETY POLICY The University of Cambridge is committed to the highest standards of excellence in education and research. This commitment to excellence applies equally to the way
More informationAppendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15
Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13
More informationData Quality Action Plan
Data Quality Action Plan Contents Data Quality Action Plan... 1 Action Plan Objectives... 1 Action Plan Mapped to KLOE Level 3 Requirements... 2 1. GOVERNANCE AND LEADERSHIP... 2 2. POLICIES... 5 3. SYSTEMS
More informationBoard Charter. May 2014
May 2014 Document History and Version Control Document History Document Title: Board Charter Document Type: Charter Owner: Board [Company Secretary] Description of content: Corporate Governance practices
More informationInternal Audit (policy & procedure)
Internal Audit (policy & procedure) Objective (purpose) The purpose of this document is to ensure the Crime and Corruption Commission s (CCC) internal audit function operates efficiently and effectively
More informationFRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance
FRAMEWORK FOR THE PREPARATION OF ACCOUNTS Best Practice Guidance Revised Edition April 2010 PUBLISHED IN APRIL 2010 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF SCOTLAND This document is published by the
More informationHORIZON OIL LIMITED (ABN: 51 009 799 455)
HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon
More informationAPB ETHICAL STANDARD 5 (REVISED) NON-AUDIT SERVICES PROVIDED TO AUDITED ENTITIES
APB ETHICAL STANDARD 5 (REVISED) NON-AUDIT SERVICES PROVIDED TO AUDITED ENTITIES (Revised December 2010, updated December 2011) Contents paragraph Introduction 1 4 General approach to non-audit services
More informationRISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers
Appendix 1 RISK MANAGEMENT POLICY AND STRATEGY Document Status: Draft Originator: A Struthers Updated: A Struthers Owner: Executive Director Corporate Services Version: 01.01.03 Date: 30/3/14 Approved
More informationAnnual Audit Letter. Kettering General Hospital NHS Foundation Trust Audit 2010/11
Annual Audit Letter Kettering General Hospital NHS Foundation Trust Audit 2010/11 Contents Key messages 2 Audit opinion and financial statements 2 Value for money 2 Limited assurance opinion on the Quality
More informationRecords & Information Management Policy
The Moray Council Records & Information Management Policy 2013 1 Name of Record Author Description of Content Status Approved by Records & Information Management Policy Eleanor Rowe, Records Manager Strategic
More informationAudit and Risk Committee Charter. Knosys Limited ACN 604 777 862 (Company)
Audit and Risk Committee Charter Knosys Limited ACN 604 777 862 (Company) Audit and Risk Committee Charter 1. Introduction 1.1 The Audit and Risk Committee is a committee established by the board of directors
More informationPublic Records (Scotland) Act 2011. NHS Health Scotland Assessment Report. The Keeper of the Records of Scotland. 5 th August 2015
Public Records (Scotland) Act 2011 NHS Health Scotland Assessment Report The Keeper of the Records of Scotland 5 th August 2015 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary...
More informationInformation Management Advice 50 Developing a Records Management policy
Information Management Advice 50 Developing a Records Management policy Introduction This advice explains how to develop and implement a Records Management policy. Policy is central to the development
More informationAPPENDIX: CHECKLIST COMPLIANCE WITH THE CODE
AEDIX: CHECKLIST COMLIACE WITH THE CODE lease tick to indicate = ES, = ARTIAL, = O. Where partial or no, you should give reasons for any noncompliance, and any compensating measures in place or actions
More informationRegisters of Scotland. Annual report on the 2012/13 audit
Registers of Scotland Annual report on the 2012/13 audit Prepared for Registers of Scotland and The Auditor General for Scotland October 2013 Audit Scotland is a statutory body set up in April 2000 under
More informationReport 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010
Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set
More informationCode of Corporate Governance
www.surreycc.gov.uk Making Surrey a better place Code of Corporate Governance October 2013 1 This page is intentionally blank 2 CONTENTS PAGE Commitment to good governance 4 Good governance principles
More informationThe SDNPA has agreed the following statement as an expression of the values that will govern the behaviour of its staff and Members:
Agenda Item 9 Appendix 1 DRAFT LOCAL CODE OF CORPORATE GOVERNANCE Introduction Corporate Governance has been defined 1 as being: how local government bodies ensure that they are doing the right things,
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationAberdeen City Council
Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationHead of Internal Audit:
Head of Internal : Opinion on the effectiveness of the system of Internal Control at Northern Devon Healthcare NHS Trust for the year ended 31 March 2010 Roles and responsibilities The whole Board of Directors
More informationInformation Governance Policy
Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationSteve Turpie, Chair of Audit Committee David Swales, Assistant Director of Finance
PRESENTED BY: PREPARED BY: DATE PREPARED: 27 June 2013 1 Background 1.1 The Audit Committee of West Suffolk NHS Foundation Trust is established under Board delegation with approved Terms of Reference that
More informationScotland s Commissioner for Children and Young People Records Management Policy
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
More informationRecords Management - Council Policy Version 2-28 April 2014. Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...
Council Policy Records Management Table of Contents Table of Contents... 1 Policy... 2 Policy Objectives... 2 Policy Statement... 2 Records Management Program... 2 Accountability Requirements... 3 General
More information