AUDIT REPORT. Citizens Insurance Suite Check Printing Audit Opinion: Needs Improvement. June 11, 2015
|
|
- Melissa Reeves
- 8 years ago
- Views:
Transcription
1 AUDIT REPORT Citizens Insurance Suite Check Printing Audit Opinion: Needs Improvement June 11, 2015 Citizens Insurance Suite Check Printing
2 Table of Contents: Page Executive Summary Background 1 Objectives and Scope 1 Audit Opinion 1 Appendices Definitions 3 Issue Classifications 4 Distribution 6 Audit Performed By 6
3 Executive Summary Background During March 2015, Finance management requested a review of the check printing process following an instance where IT support, as a test while repairing a broken check printer, reprinted a previously processed check file containing check data from the Citizens Insurance Suite application. OIA was informed that the checks were reprinted on plain white paper and there was no indication of any fraudulent activity associated with the reprinted checks. OIA was requested to assess the check printing process to validate that appropriate access controls had been applied during the Citizens Insurance Suite implementation project and to recommend necessary changes so that only specific Accounting personnel can perform check processing functions. The check processing work flow comprises five primary components, each consisting of underlying software and hardware: Audit Objectives and Scope With this audit, we evaluated the adequacy and effectiveness of the security access controls associated with the Citizens Insurance Suite check processing work flow. Our scope included a review of logical and physical access to all workflow steps including automated and manual procedures, batch jobs, output files, file storage systems and the physical security of the printers. Additionally, security access was also reviewed for the applicable servers and databases that are foundational to the process. Audit Opinion Based upon our audit work, the overall effectiveness of the processes and controls evaluated during the audit is rated as Needs Improvement. We found that Accounting personnel responsible for check printing have a strong knowledge of the process. This knowledge is invaluable in recognizing anomalies that may present a financial risk to the company. However, our work also indicated some specific opportunities to strengthen the control environment for checks originating from the Citizens Insurance Suite including: The need to implement encryption or other security measures for the check data files created by the Citizens Insurance Suite batch process. The current output file as well as archived files are located on a network storage server and neither file type is appropriately secured. Encryption was a business requirement identified in the system design document for the archived file copies; however, the design was not implemented as intended. Implementing encryption or other approved security measures for P a g e 1
4 Executive Summary the current and archived check data would prevent intentional or erroneous manipulation prior to a valid check run and deter attempts to circumvent the approved work flow process. Other issues considered as low risk were identified and discussed with management during the audit, some of which have been resolved. We would like to thank management and staff in Accounting, Budget and Financial Systems, Application Development, Application Delivery, Engineering Services, Facilities, and Information Security for their cooperation and professional courtesy throughout the course of this audit. P a g e 2
5 Appendix 1 Definitions Audit Ratings Satisfactory: Critical internal control systems are functioning in an acceptable manner. There may be no or very few minor issues, but their number and severity relative to the size and scope of the operation, entity, or process audited indicate minimal concern. Corrective action to address the issues identified, although not serious, remains an area of focus. Needs Improvement: Internal control systems are not functioning in an acceptable manner and the control environment will require some enhancement before it can be considered as fully effective. The number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate some significant areas of weakness. Overall exposure (existing or potential) requires corrective action plan with priority. Unsatisfactory: One or more critical control deficiencies exist which would have a significant adverse effect on loss potential, customer satisfaction or management information. Or the number and severity of issues relative to the size and scope of the operation, entity, or process being audited indicate pervasive, systemic, or individually serious weaknesses. As a result the control environment is not considered to be appropriate, or the management of risks reviewed falls outside acceptable parameters, or both. Overall exposure (existing or potential) is unacceptable and requires immediate corrective action plan with highest priority. P a g e 3
6 Appendix 2 Issue Classifications Control Category High Medium Low Financial Controls (Reliability of financial reporting) Operational Controls (Effectiveness and efficiency of operations) financial statement misstatements >USD 5 million Control issue that could have a pervasive impact on control effectiveness in business or financial processes at the business unit level A control issue relating to any fraud committed by any member of senior management or any manager who plays a significant role in the financial reporting process losses >USD 2.5 million Achievement of principal business objectives in jeopardy Customer service failure (e.g., excessive processing backlogs, unit pricing errors, call center non responsiveness for more than a day) impacting 10,000 policyholders or more or negatively impacting a number of key corporate accounts prolonged IT service failure impacts one or more applications and/or one or more business units negative publicity related to an operational control issue An operational control issue relating to any fraud committed by any member of senior management or any manager who plays a significant role in operations financial statement misstatements between USD 2.5 million to 5 million Control issue that could have an important impact on control effectiveness in business or financial processes at the business unit level losses between USD 0.5 to 2.5 million Achievement of principal business objectives may be affected Customer service failure (e.g., processing backlogs, unit pricing errors, call center non responsiveness) impacting 1,000 policyholders to 10,000 or negatively impacting a key corporate account IT service failure impacts more than one application for a short period of time financial statement misstatements below USD 2.5 million Control issue that does not impact on control effectiveness in business or financial processes at the business unit level losses below USD 0.5 million Achievement of principal business objectives not in doubt Customer service failure (e.g., processing backlogs, unit pricing errors, call center non responsiveness) impacting less than 1,000 policyholders IT service failure impacts one application for a short period of time P a g e 4
7 Appendix 2 Control Category High Medium Low Any operational issue leading to death of an employee or customer Any operational issue leading to injury of an employee or customer Compliance Controls (Compliance with applicable laws and regulations) Remediation timeline for public censure, fines or enforcement action (including requirement to take corrective actions) by any regulatory body which could have a significant financial and/or reputational impact on the Group Any risk of loss of license or regulatory approval to do business Areas of non-compliance identified which could ultimately lead to the above outcomes A control issue relating to any fraud committed by any member of senior management which could have an important compliance or regulatory impact Such an issue would be expected to receive immediate attention from senior management, but must not exceed 60 days to remedy. for public censure, fines or enforcement action (including requirement to take corrective action) by any regulatory body Areas of noncompliance identified which could ultimately lead to the above outcomes Such an issue would be expected to receive corrective action from senior management within 1 month, but must be completed within 90 days of final Audit Report date. for non-public action (including routine fines) by any regulatory body Areas of noncompliance identified which could ultimately lead the above outcome Such an issue does not warrant immediate attention but there should be an agreed program for resolution. This would be expected to complete within 3 months, but in every case must not exceed 120 days. P a g e 5
8 Appendix 3 Distribution Addressees Copies Fred Deeb, Director Budget and Financial Systems Curt Overpeck, Chief Information Officer Juan Cocuy, Citizens Audit Committee Chairman Bette Brown, Citizens Audit Committee Member Jim Henderson, Citizens Audit Committee Member Barry Gilway, President/CEO/Executive Director Kelly Booten, Chief Systems and Operations Charles Johnson, Chief Human Resources Officer Jennifer Montero, Chief Financial Officer Christine Ashburn, VP, Legislative and External Affairs and Communications John Rollins, Chief Risk Officer Dan Sumner, Chief Legal Officer and General Counsel Aditya Gavvala, VP Application Delivery Robert Sellers, VP IT Infrastructure and Operations Debby Kearney, Director, Ethics and Compliance Officer Bruce Meeks, Inspector General Mario Andrade, Director IT Infrastructure Robert Borland, Director Application Development and Delivery Mitch Brockbank, Director IT Security and Risk Cherri Linn, Director Facilities and General Services Following Audit Committee Distribution The Honorable Rick Scott, Governor The Honorable Jeff Atwater, Chief Financial Officer The Honorable Pam Bondi, Attorney General The Honorable Adam Putnam, Commissioner of Agriculture The Honorable Andy Gardiner, President of the Senate The Honorable Steve Crisafulli, Speaker of the House of Representatives Audit Performed By Auditor in Charge Audit Director Under the Direction of Gary Sharrock, Manager IT Audit Karen Wittlinger, Director IT Audit Joe Martins Chief of Internal Audit P a g e 6
AUDIT REPORT. Service Desk and Problem Management Audit Opinion: Satisfactory. November 14, 2014. Report Number: 2014-IT-04
AUDIT REPORT Service Desk and Problem Management Audit Opinion: Satisfactory November 14, 2014 Report Number: 2014-IT-04 Table of Contents: Page Executive Summary Background 1 Audit Objectives and Scope
More informationAUDIT REPORT. Corporate Access and Identity Management Project Audit Opinion: Satisfactory. July 31, 2015
AUDIT REPORT Corporate Access and Identity Management Project Audit Opinion: Satisfactory July 31, 2015 Report Number: 2015-IT-02 Corporate Access and Identity Management Project Table of Contents: Page
More informationAUDIT REPORT. Cloud Software as a Service (SaaS) Procurement and Governance Audit. June 9, 2016
AUDIT REPORT Cloud Software as a Service (SaaS) Procurement and Governance Audit June 9, 2016 Table of Contents: Page Executive Summary Background 1 Audit Objectives and Scope 1 Management s Assessment
More informationAUDIT REPORT. Citizens Data Warehouse Audit Opinion: Needs Improvement. Date: June 9, 2014. Report Number: 2014-AUD-IT-01
AUDIT REPORT Citizens Data Warehouse Audit Opinion: Date: June 9, 2014 Report Number: 2014-AUD-IT-01 Report Number: 2014-AUD-IT-01 Citizens Data Warehouse Table of Contents: Page Executive Summary Background
More informationMANAGEMENT ADVISORY SERVICE REPORT
MANAGEMENT ADVISORY SERVICE REPORT 2014 Disaster Recovery Exercise Date: September 8, 2014 Report Number: 2014-MAS-04 Report Number: 2014-MAS-04 Disaster Recovery Exercise Table of Contents: Page Executive
More informationINVESTIGATION REPORT. Secondary Employment Policy Violation. Date: May 23, 2014. Report Number: CPIC 14-03-0002. Report Number: CPIC 14-03-0002
INVESTIGATION REPORT Secondary Employment Policy Violation Date: May 23, 2014 Table of Contents: Page Report Background 1 Allegations 1 Procedures 1 Findings 2 Conclusion 2 Appendix Distribution 3 Audit
More informationFORENSIC AUDIT REPORT. Legal Defense Billing Audit Opinion: Unsatisfactory. Date: May 31, 2014. Report Number: 2013-AUD-15
FORENSIC AUDIT REPORT Legal Defense Billing Audit Opinion: Unsatisfactory Date: May 31, 2014 Table of Contents: Page Executive Summary Background 2 Audit Objectives and Scope 3 Audit Procedures 3 Summary
More informationAUDIT REPORT. Legal Billing Compliance. July 29, 2015. Report Number: 2015-AUD-09 Legal Billing Compliance
AUDIT REPORT Legal Billing Compliance July 29, 2015 Executive Summary Background In order to thoroughly review and manage legal fee bills received from a large pool of legal firms providing legal services
More informationTHE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014
THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014 Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit Plan and the development of the
More information03/14/2013 Compensation Update Citizens Property Insurance Corporation Board of Governors Meeting March 22, 2013
03/14/2013 Compensation Update Citizens Property Insurance Corporation Board of Governors Meeting March 22, 2013 Executive Summary As Florida s no profit provider of property insurance, Citizens is continuously
More informationMay 2012 Report No. 12-030
John Keel, CPA State Auditor Incentive Compensation at the Teacher Retirement System, the Employees Retirement System, and the Permanent School Fund Report No. 12-030 Incentive Compensation at the Teacher
More informationAudit Plan Update. Percentage of Total Budgeted Hours. Adjusted Budgeted Hours. Actual YTD. Audit & MAS 8,066 8,366 38% 7,085.0 46% 2012 Carry Over
AUDIT COMMITTEE UPDATE DECEMBER 13, 2013 EXECUTIVE SUMMARY Office of the Internal Auditor Update Since the last Audit Committee meeting, the OIA has focused on finalizing the execution of the 2013 Audit
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationDEPARTMENT OF ALCOHOLIC BEVERAGE CONTROL REPORT ON AUDIT FOR THE YEAR ENDED
DEPARTMENT OF ALCOHOLIC BEVERAGE CONTROL REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2010 AUDIT SUMMARY We have audited the basic financial statements of the Department of Alcoholic Beverage Control as
More informationSTATEMENT FROM THE CHAIRMAN
STATEMENT FROM THE CHAIRMAN In an ever-changing global marketplace, it is important for all of us to have an understanding of the responsibilities each of have in carrying out day-to-day business decisions
More informationJohn Keel, CPA State Auditor. An Audit Report on The Division of Workers' Compensation at the Department of Insurance. July 2010 Report No.
John Keel, CPA State Auditor An Audit Report on The Division of Workers' Compensation at the Department of Insurance Report No. 10-035 An Audit Report on The Division of Workers' Compensation at the Department
More informationPRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions
PRACTICE GUIDE Formulating and Expressing Internal Audit Opinions 2 of 23 Table of Contents 1. Executive Summary... 1 2. Introduction... 2 3. Planning the Expression of an Opinion... 3 3.1 Expressing an
More informationSUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, September 12, 2014
CITIZENS PROPERTY INSURANCE CORPORATION SUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, The Information Systems Advisory Committee (ISAC) of Citizens Property Insurance Corporation
More informationINFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION. Information Technology Operational Audit
REPORT NO. 2015-017 SEPTEMBER 2014 INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION Information Technology Operational Audit CITIZENS PROPERTY
More informationOffice of Inspector General
INFORMATION TECHNOLOGY: The Bureau of the Public Debt s Certificate Policy Statement Should Be Updated OIG-03-009 October 24, 2002 Office of Inspector General ******* The Department of the Treasury Contents
More informationMarch 2007 Report No. 07-709
John Keel, CPA State Auditor the State s Attorney, Assistant Attorney General, and General Counsel Positions Report No. 07-709 the State s Attorney, Assistant Attorney General, and Positions Overall Conclusion
More informationursouthwestern Medical Center The University of Texas Southwestern Medical Center HIPAA Privacy Program Audit Internal Audit Report 15:20 July 6, 2015
ursouthwestern The University of Texas Southwestern Internal Audit Report 15:20 July 6, 2015 Table of Contents UT Southwestern I. Executive Summary Background/Scope and Objectives Conclusion 11. Detailed
More informationOffice of Inspector General
Audit Report OIG-12-055 SAFETY AND SOUNDNESS: In-Depth Review of the First National Bank of Davis, Davis, Oklahoma June 7, 2012 Office of Inspector General DEPARTMENT OF THE TREASURY Contents Audit Report
More informationMay 2007 Report No. 07-033
John Keel, CPA State Auditor An Audit Report on Performance Measures at the Department of Insurance Report No. 07-033 An Audit Report on Performance Measures at the Department of Insurance Overall Conclusion
More informationFLORIDA COMMISSION ON OFFENDER REVIEW (formerly Florida Parole Commission)
FLORIDA COMMISSION ON OFFENDER REVIEW (formerly Florida Parole Commission) TENA M. PATE, Chair BERNARD R. COHEN, SR., Vice-Chair MELINDA N. COONROD, Secretary RICK SCOTT, Governor PAM BONDI, Attorney General
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationEMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS
EMERGENCY MANAGEMENT PERFORMANCE AND STATE HOMELAND SECURITY PROGRAM FEDERAL GRANTS REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2014 Auditor of Public Accounts Martha S. Mavredes, CPA www.apa.virginia.gov
More informationREPORT 2016/035 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/035 Audit of the use of consultants and individual contractors in the United Nations Stabilization Mission in Haiti Overall results relating to the effective hiring
More informationHow quality assurance reviews can strengthen the strategic value of internal auditing*
How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,
More informationADMINISTRATIVE MANUAL Subject: CORPORATE RESPONSIBILITY 21.49. Directive #: 21.49 Present Date: January 2011
Page: 1 of 18 Directive #: 21.49 Present Date: January 2011 Original Date: September 2004 Review Date: January 2013 Applicable To: SVHC & Affiliated Companies SVMC SCLM SLH FCPC POLICY In furtherance of
More informationRISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
More informationINTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS
INTERNATIONAL STANDARD ON ENGAGEMENTS 2410 OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY (Effective for reviews of interim financial information for periods beginning
More informationJudiciary Administrative Office of the Courts Data Center
New Jersey State Legislature Office of Legislative Services Office of the State Auditor Judiciary Administrative Office of the Courts Data Center April 30, 2001 to January 15, 2002 Richard L. Fair State
More informationNovember 2009 Report No. 10-016
John Keel, CPA State Auditor An Audit Report on The Financial Responsibility Verification Program (TexasSure) Report No. 10-016 An Audit Report on The Financial Responsibility Verification Program (TexasSure)
More informationIMMUNOTEC INC. AUDIT AND DISCLOSURE POLICY MANAGEMENT COMMITTEE CHARTER AND WHISTLEBLOWER POLICY
IMMUNOTEC INC. AUDIT AND DISCLOSURE POLICY MANAGEMENT COMMITTEE CHARTER AND WHISTLEBLOWER POLICY ORGANIZATION There shall be a committee of the Board of Directors of the Corporation (the Board ) to be
More informationDepartment of Developmental Disabilities Accounts ReceivableAudit
Department of Developmental Disabilities Accounts Receivable Period: September 2015 through December 2015 Results Summary: Objective Accounts Receivable Creation Receipt of Payment Monitoring of Past Due
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More informationThe Advanced Certificate in Performance Audit for International and Public Affairs Management. Workshop Overview
The Advanced Certificate in Performance Audit for International and Public Affairs Management Workshop Overview Performance Audit What is it? We will discuss the principles of performance audit. The session
More informationAudit and Risk Committee Charter. 1. Membership of the Committee. 2. Administrative matters
Audit and Risk Committee Charter The Audit and Risk Committee (the Committee ) is a Committee of the Board established with the specific powers delegated to it under Clause 8.15 of the Company s Constitution
More informationInternal Audit of WFP s Information Architecture
Fighting Hunger Worldwide Internal Audit of WFP s Information Architecture Office of the Inspector General Internal Audit Report AR/13/05 Contents Page I. Executive summary 3 II. Context and scope 5 III.
More informationDEPARTMENT OF ALCOHOLIC BEVERAGE CONTROL REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2012
DEPARTMENT OF ALCOHOLIC BEVERAGE CONTROL REPORT ON AUDIT FOR THE YEAR ENDED JUNE 30, 2012 AUDIT SUMMARY We have audited the basic financial statements of the Department of Alcoholic Beverage Control as
More informationCOSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP
COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed
More informationFederal Information Security Management Act: Fiscal Year 2014 Evaluation
Federal Information Security Management Act: Fiscal Year 2014 Evaluation OFFICE OF INSPECTOR GENERAL UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 M E M O R A N D U M TO: FROM:
More informationAUDIT REPORT. Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Federal Energy Regulatory Commission's Fiscal Year 2014 Financial Statement Audit OAS-FS-15-05 December
More informationCharter of the Audit Committee of the Board of Directors
Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA AUDIT OF THE INFORMATION SYSTEM GENERAL CONTROLS AT VANCE-GRANVILLE COMMUNITY COLLEGE HENDERSON, NORTH CAROLINA JUNE 2004 OFFICE OF THE STATE AUDITOR RALPH CAMPBELL, JR. STATE AUDITOR
More informationDRAFT. Informing the audit risk assessment for Cheshire Fire Authority. Year ending 31 March 2013 xx April 2013
Informing the audit risk assessment for Cheshire Fire Authority This version of the report is a draft. Its contents and subject matter remain under review and its contents may change and be expanded as
More informationMateriality and Audit Adjustments
Auditing Standard AUS 306 (June 2001) Materiality and Audit Adjustments Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation Issued by the Australian Accounting
More informationJohn Keel, CPA State Auditor. An Audit Report on The Dam Safety Program at the Commission on Environmental Quality. May 2008 Report No.
John Keel, CPA State Auditor An Audit Report on The Dam Safety Program at the Commission on Environmental Quality Report No. 08-032 An Audit Report on The Dam Safety Program at the Commission on Environmental
More informationBOARD OF GOVERNORS MEETING JUNE 25, 2014
CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches
More informationAudit, Risk and Compliance Committee Charter
1. Background Audit, Risk and Compliance Committee Charter The Audit, Risk and Compliance Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah
More informationSouth East Water Corporation Finance Assurance and Risk Management Committee Charter
South East Water Corporation Finance Assurance and Risk Management Committee Charter Created: October 2012 Document number: BS 2359 Last reviewed: May 2015 1. Purpose The South East Water Corporation Board's
More information5/25/2011. Citizens Property Insurance Corporation:
Citizens Property Insurance Corporation: CAS Spring Meeting May 2011 1 Citizens Overview Citizens is a Florida State created, not for profit, tax exempt government entity established principally to provide
More informationAMERICAN AIRLINES GROUP INC. AUDIT COMMITTEE CHARTER
AMERICAN AIRLINES GROUP INC. AUDIT COMMITTEE CHARTER As adopted by the Board of Directors on December 9, 2013 The Board of Directors (the Board ) of American Airlines Group Inc. (the Company ) hereby sets
More informationEPA s Computer Security Self-Assessment Process Needs Improvement
OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report EPA s Computer Security Self-Assessment Process Needs Improvement Report No. 2003-P-00017 September 30, 2003 Report Contributors:
More informationDivision of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014
Official Audit Report Issued March 6, 2015 Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014 State House Room 230 Boston, MA 02133 auditor@sao.state.ma.us www.mass.gov/auditor
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft
More informationInforming the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013
Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents
More informationVIRGINIA WORKERS COMPENSATION COMMISSION REPORT ON AUDIT FOR THE YEARS ENDED JUNE 30, 2006 AND JUNE 30, 2007
VIRGINIA WORKERS COMPENSATION COMMISSION REPORT ON AUDIT FOR THE YEARS ENDED JUNE 30, 2006 AND JUNE 30, 2007 AUDIT SUMMARY Our audit of the Virginia Workers Compensation Commission found: proper recording
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationTeachers Retirement Association. Financial Statement Audit. Year Ended June 30, 2009
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Teachers Retirement Association Financial Statement Audit Year Ended June 30, 2009 March 12, 2010 Report 10-07
More informationGUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES
20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal
More informationJosephine Mathias. Kenneth J. Horowitz Phone: 609-586-4800 Ext. 3468 e-mail: horowitk@mccc.edu
ACC204 Auditing Administrative Outline Course Information Organization Mercer County Community College Course Number ACC204 Credits 3 Lecture/Lab 3/1 Catalog Description Investigation into and application
More informationAgency Board Meeting 28 July 2015
SEPA 22/15 Agency Board Meeting 28 July 2015 Report Number: SEPA 22/15 Audit Committee Annual Performance Report 2014-2015 Summary: Risks: Resource and Staffing Implications Equalities: Environmental and
More informationRisk Management: Coordinated activities to direct and control an organisation with regard to risk.
POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic
More informationHow To Manage Risk At Atb Financial
Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the
More informationSTATE OF ILLINOIS NORTHERN ILLINOIS UNIVERSITY ALUMNI ASSOCIATION REPORT REQUIRED UNDER GOVERNMENT AUDITING STANDARDS Year Ended June 30, 2008
STATE OF ILLINOIS NORTHERN ILLINOIS UNIVERSITY ALUMNI ASSOCIATION REPORT REQUIRED UNDER GOVERNMENT AUDITING STANDARDS Year Ended June 30, 2008 Performed as Special Assistant Auditors for the Auditor General,
More informationAugust 2006 Report No. 06-050
John Keel, CPA State Auditor An Audit Report on Construction Management at the Texas Tech University System Report No. 06-050 An Audit Report on Construction Management at the Texas Tech University System
More informationOctober 2008 Report No. 09-006
John Keel, CPA State Auditor An Audit Report on Performance Measures at the Board of Nursing Report No. 09-006 An Audit Report on Performance Measures at the Board of Nursing Overall Conclusion The Board
More informationThe Medicare and Medicaid EHR incentive
Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through
More informationFinal. Internal Audit Report. Creditors System
Final Internal Audit Report Creditors System Document Details: Reference: 1.2 / 2014-15 Senior Manager, Internal Audit & Assurance: David Jenkins ext 6567 Date: 7 th January 2015 This report is not for
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine
More informationthe role of the head of internal audit in public service organisations 2010
the role of the head of internal audit in public service organisations 2010 CIPFA Statement on the role of the Head of Internal Audit in public service organisations The Head of Internal Audit in a public
More informationBradley University Credit Card Security Incident Response Team (Response Team)
Credit Card Security Incident Response Plan Bradley University has a thorough data security policy 1. To address credit cardholder security, the major card brands (Visa, MasterCard, American Express, Discover
More informationFEDERAL FAMILY EDUCATION LOAN PROGRAM (FFELP) SYSTEM
REPORT NO. 2015-007 AUGUST 2014 DEPARTMENT OF EDUCATION FEDERAL FAMILY EDUCATION LOAN PROGRAM (FFELP) SYSTEM Information Technology Operational Audit DEPARTMENT OF EDUCATION Pursuant to Article IX, Section
More informationFraud Risk Management Program Review
Office of the Chief Internal Auditor Fraud Risk Management Program Review South Carolina Department of Transportation s Implementation of a Fraud Risk Management Program CIA-FIN 09-001 December 3, 2009
More informationThe Compliance Universe
The Compliance Universe Principle 6.1 The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards This practice note is intended
More informationNORTHERN MICHIGAN LAW ENFORCEMENT TRAINING GROUP AUDITED FINANCIAL STATEMENTS YEAR ENDED DECEMBER 31, 2009
NORTHERN MICHIGAN LAW ENFORCEMENT TRAINING GROUP AUDITED FINANCIAL STATEMENTS YEAR ENDED DECEMBER 31, 2009 NORTHERN MICHIGAN LAW ENFORCEMENT TRAINING GROUP TABLE OF CONTENTS Independent Auditor s Report...
More informationCOSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting
in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL
More informationFebruary 2015. Audit committee performance evaluation
February 2015 Audit committee performance evaluation Audit committee performance evaluation The following questionnaire is based on emerging and leading practices to assist in the self-assessment of an
More informationFIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE
FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE As amended, restated, and approved by the Boards of Directors on July 28, 2015 This Charter sets
More informationSUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT
SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT Bank of Guyana July 1, 2009 TABLE OF CONTENTS 1.0 Introduction 2.0 Management
More informationNORTH DAKOTA DAIRY PROMOTION COMMISSION SAINT PAUL, MINNESOTA Audit Report For the Two-Year Period Ended June 30, 2014
CLIENT CODE 123 CLIENT CODE 603 NORTH DAKOTA DAIRY PROMOTION COMMISSION SAINT PAUL, MINNESOTA Audit Report For the Two-Year Period Ended June 30, 2014 ROBERT R. PETERSON STATE AUDITOR LEGISLATIVE AUDIT
More informationSALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS. (Revised September 11, 2012)
I. STATEMENT OF POLICY SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS (Revised September 11, 2012) This Charter specifies the scope of the responsibilities of
More informationconducting an audit in accordance with Canadian generally accepted auditing standards.
ROBERTS,MARLOWE, JACKSON, JACKSON & ASSOCIATES {l~~ CHRISTOPHERJ. ROBERTS,CA CHARLES W. MARLOWE, CA WAYNE JACKSON, B.A.,CA GARY J. JACKSON, B.B.M.,CA 22 Stevenson Road South Oshawa, Ontario L1J 5L9 Oshawa
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationLegislative Audit Division State of Montana. Criminal Justice Information Network (CJIN)
Legislative Audit Division State of Montana November 2004 Report to the Legislature Information System Audit Criminal Justice Information Network (CJIN) Department of Justice This report contains the results
More informationDepartment of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application
Department of Homeland Security Office of Inspector General Audit of Application Controls for FEMA's Individual Assistance Payment Application OIG-09-104 September 2009 Table of Contents Objectives,
More informationBankcard Transaction Fees and Contract Management
A Report to the Montana Legisl ature Perform ance Audit Bankcard Transaction Fees and Contract Management Department of Administration June 2015 Legislative Audit Division 14P-04 Legislative Audit Committee
More informationOFFICE OF AUDITOR OF STATE
OFFICE OF AUDITOR OF STATE STATE OF IOWA State Capitol Building Des Moines, Iowa 50319-0004 David A. Vaudt, CPA Auditor of State Telephone (515) 281-5834 Facsimile (515) 242-6134 NEWS RELEASE Contact:
More informationAudit Report for South Lakeland District Council. People and Places Directorate Neighbourhood Services. Audit of Grounds Maintenance
Audit Report for South Lakeland District Council People and Places Directorate Neighbourhood Services Audit of Grounds Maintenance Cumbria Shared Internal Audit Service: Internal Audit Report 7 th November
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This
More informationACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER
ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER ORGANIZATION The Audit Committee is a committee of independent members of the Board of Directors. Its function is to assist the Board in fulfilling
More informationFDA 50-State Conference Call OIG Early Alert on FDA s Voluntary Food Recall Initiation Process. June 10, 2016 2:30 pm EDT
Page 1 FDA 50-State Conference Call OIG Early Alert on FDA s Voluntary Food Recall Initiation Process June 10, 2016 2:30 pm EDT Operator: Welcome and thank you for standing by. At this time, all lines
More informationCompany Information Management (CIM) Audit Report Report # 2/15 March 11, 2015
Distribution: Company Information Management (CIM) Audit Report Report # 2/15 March 11, 2015 To: President & CEO Senior Vice President & Chief Financial Officer Senior Vice President, Business Solutions
More informationRisk Management Advisory Services, LLC Capital markets audit and control
Risk Management Advisory Services, LLC Capital markets audit and control November 14, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C., 20006-2803
More informationDepartment of Homeland Security
for the Immigration and Customs Enforcement Component of the FY 2013 Department of Homeland Security s Financial Statement Audit OIG-14-85 April 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland
More informationThe Certification and Accreditation of Computer Systems Should Remain in the Computer Security Material Weakness. August 2004
The Certification and Accreditation of Computer Systems Should Remain in the Computer Security Material Weakness August 2004 Reference Number: 2004-20-129 This report has cleared the Treasury Inspector
More informationAUDIT COMMITTEE BEST PRACTICES CHECKLIST
AUDIT COMMITTEE BEST PRACTICES CHECKLIST General 1. Members have the appropriate predefined qualifications to meet the objectives of the audit committee s charter, including appropriate financial literacy.
More informationOffice of Inspector General
Audit Report OIG-08-037 GENERAL MANAGEMENT: Office of Management Needs to Improve Its Monitoring of the Department s Audit Follow-up Process June 23, 2008 Office of Inspector General Department of the
More information