Coleg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)
Internal Audit Report
1 June 2010

Business Continuity Plan Test Post Implementation Review (PIR)

CONTENTS
Section
- Executive Summary
- Action Plan
- Findings and Recommendations

Debrief meeting: 28 April 2010
Draft report issued: 19 May 2010
Responses received: 1 June 2010
Final report issued: 1 June 2010

Auditors:
- Helen Cargill, IA Associate Director
- Stephen Temple, ISA Director
- Heather Wheatley, IA Manager
- Colin Alexander, ISA Manager
- Lisa Swanger, ISA Senior Consultant

Client sponsor:
- Lynda Roberts, Vice Principal Finance, Estates & Information Services

Distribution:
- Lynda Roberts, Vice Principal Finance, Estates & Information Services
- Robert Bates, Director of Estates & Facilities
- Audit Committee

This review has been performed using RSM Tenon's bespoke internal audit methodology, i-ris. The matters raised in this report are only those which came to our attention during our internal audit work and are not necessarily a comprehensive statement of all the weaknesses that exist, or of all the improvements that may be required. Whilst every care has been taken to ensure that the information provided in this report is as accurate as possible, based on the information provided and documentation reviewed, no complete guarantee or warranty can be given with regard to the advice and information contained herein. Our work does not provide absolute assurance that material errors, loss or fraud do not exist.

This report is prepared solely for the use of Board and senior management of Coleg Gwent. Details may be made available to specified external agencies, including external auditors, but otherwise the report should not be quoted or referred to in whole or in part without prior consent. No responsibility to any third party is accepted as the report has not been prepared, and is not intended for any other purpose.

RSM Tenon Limited
RSM Tenon Limited is a member of RSM Tenon Group. RSM Tenon Limited is an independent member firm of RSM International, an affiliation of independent accounting and consulting firms. RSM International is the name given to a network of independent accounting and consulting firms each of which practices in its own right. RSM International does not exist in any jurisdiction as a separate legal entity. RSM Tenon Limited (No ) is registered in England and Wales. Registered Office 66 Chiltern Street, London W1U 4GB. England

1 EXECUTIVE SUMMARY

1.1 INTRODUCTION

This post implementation review of the recent business continuity test carried out in February 2010 was undertaken as part of the approved internal audit periodic plan for 2009/10.

Coleg Gwent (the "College") comprises five main campuses with approximately 1,400 members of staff and approximately 30,000 learners (including community based learners). The College has invested in the development of a robust yet flexible business continuity plan to help reduce the impact of a disaster at the college. However, the College recognises that this plan will only be effective and usable if sufficient testing demonstrates its operational success.

During February 2010, the College engaged a third party, Zurich (insurance providers), to aid the planning and execution of a business continuity test. This consisted of a bespoke scenario posed to members of the Crisis Control and Management Team (CC&MT). The CC&MT then undertook an interactive desktop exercise to evaluate the plan.

The specific risks considered as part of this review were:
- Inadequate testing procedure documentation is maintained;
- Tests are not planned on an appropriately regular basis;
- The test scenario is unrealistic and does not include appropriate representation of business areas and staff;
- The test is un-coordinated and responsibilities are not clearly assigned;
- Issues and lessons learned are not captured;
- Planned as well as unplanned events are not captured and reported upward adequately; and
- The BCP documentation is not updated in a timely manner to reflect the results of test exercises.

These risks relate to the objective of providing assurance that the business continuity test was undertaken in an appropriate manner to ensure the business continuity plan is up to date and functioning as expected.

1.2 CONCLUSION

Taking account of the issues identified, in our opinion the Corporation can take substantial assurance that the testing processes upon which Coleg Gwent relies to aid management of the business continuity plan, as currently laid down and operated, are well designed and complied with.

This assurance level has been formulated on the basis of conclusions drawn on the individual elements of effectiveness, design and application of controls in place:

Assurance levels: Substantial, Adequate, Limited
- Design of control framework: X
- Application of and compliance with control framework: X
- OVERALL OPINION: X

The above conclusions feeding into the overall assurance level are based on the evidence obtained during our review.

A number of well-designed control procedures to ensure the adequate testing of the business continuity plan were found to be in place, in particular:
- Full test procedural documentation was maintained, which reduces the risk that the objectives of the test are not carried out, therefore rendering the test ineffective;
- The test scenario developed was of a realistic nature. This reduces the risk that the scenario is not taken seriously and therefore lessons learnt are not productive;
- The test was co-ordinated and responsibilities were clearly assigned. This reduces the risk that the scenario is just a basis for a general discussion and is not structured enough to test the individuals involved;
- Lessons learnt were captured. This reduces the risk that the results from the test are not reflected in the business continuity plan, so that it could fail in a real life scenario at the same points it did during testing and the benefit of the test is not realised; and
- Events are captured and reported upward appropriately. This reduces the risk that incidents which could affect the business continuity plan are not being incorporated into the plan, thus it may not be effective should an incident occur.

However, we did identify a number of areas where we consider that the control framework in operation over the testing arrangements of the business continuity plan could be improved, principally:
- Tests are not scheduled on a periodic basis. However we are pleased to note that it is the stated intention of the Director of Estates & Facilities to conduct annual testing. Unless the plan is formally tested on a regular basis, there is a risk that expected controls and processes do not function as intended, leading to an ineffective plan as potential failures are unknown;
- Staff representation was limited to the members of the Crisis Control and Management Team (CC&MT). However we are pleased to note that it is the intention of the Director of Estates & Facilities to expand testing going forward to include a wider range of staff. Unless a wide range of CC&MT and general staff are involved in the business continuity testing, there is potential risk that operational inconsistencies or errors are not flagged up and not all staff are aware of the College's business continuity arrangements; and
- Business continuity documentation is not updated in a timely manner to reflect the results of testing. Unless business continuity documentation is updated in a timely manner, an incident could occur which does not benefit from the lessons learnt during the test.

1.3 SCOPE OF THE REVIEW

The objective of our review was to evaluate the adequacy of risk management and control of the recent business continuity plan test, and the extent to which controls have been applied, with a view to providing an opinion. Control activities are put in place to ensure that risks to the achievement of the organisation's objectives are managed effectively.

Control activities relied upon:
- Test Documentation;
- Communication;
- Change Control;
- Planned and Unplanned Events; and
- Incident Management.

Limitations to the scope of the review:
- The review focused on the most recent business continuity test undertaken (February 2010); and
- This review did not re-perform the test or examine the adequacy or otherwise of individual business continuity plans including the IT disaster recovery input.

The approach taken for this review tested key controls only and included the following:
- Our work was undertaken through discussion with nominated staff and a high level review of documentation;
- Detailed testing was not undertaken; and
- Reviewing the adequacy and application of the controls in place to mitigate the risks.

1.4 RECOMMENDATIONS SUMMARY

The following table highlights the number and categories of recommendations made. The Action Plan at Section 2 details the specific recommendations made as well as agreed management actions to implement them.

Recommendations made during this review, by risk (categories: Fundamental, Significant, Merits Attention):
- Inadequate testing procedure documentation is maintained
- Tests are not planned on a regular basis
- The test scenario is unrealistic and does not include appropriate representation of business areas and staff.
- The test is un-coordinated and responsibilities are not clearly assigned.
- Issues and lessons learned are not captured.
- Planned and unplanned events are not captured and reported upward adequately.
- The BCP documentation is not updated in a timely manner to reflect the results of test exercises

Total: Fundamental 0, Significant 0, Merits Attention 3

2 ACTION PLAN

The priority of the recommendations made is as follows:
- Fundamental: Action is imperative to ensure that the objective for the area under review is met.
- Significant: Requires action to avoid exposure to significant risk in achieving the objective for the area under review.
- Merits Attention: Action is advised to enhance control or improve operational efficiency.

Ref 2.1
Recommendation: Management should ensure that business continuity testing is undertaken on a regular basis (at least annually). Furthermore, the requirement to test and a schedule of testing should be documented within the business continuity plan.
Categorisation: Merits Attention
Accepted (Y/N): Y
Management Comment: The College BCP was completed in September 2009 and the first test of the Plan was scheduled in February. As noted in your review, annual tests of the Plan were anticipated although not formally stated in the document. The Director, Estates & Facilities would therefore have ensured that such tests were undertaken in the future at those intervals. However, test arrangements are now confirmed in the latest revision of the BCP.
Implementation Date: May 2010
Manager Responsible: Director, Estates & Facilities

Ref 3.2
Recommendation: Management should ensure that future testing considers the need to involve all staff within the Crisis Control and Management Team (CC&MT) function and staff outside of it.
Categorisation: Merits Attention
Accepted (Y/N): Y
Management Comment: As noted in the Review it was / is the College's intention to involve all CC&MT colleagues in the BCP test and this will be undertaken over future tests of the Plan. However it is recognised by the College that to involve all of the CC&MT on every test is neither necessary nor practicable and indeed may lessen the realism of a test situation. The requirements for involvement of all CC&MT members however are now recorded in the revised BCP.
Implementation Date: May 2012
Manager Responsible: Director, Estates & Facilities

Ref 7.1
Recommendation: Management should document within the business continuity plan, a full test process. This should include the expected and accepted timescales within which the plan should be updated following a test.
Categorisation: Merits Attention
Accepted (Y/N): Y
Management Comment: It is anticipated that the BCP will be updated regularly and at maximum twelve monthly intervals and in any case following a test scenario, in order to reflect any actions / recommendations / lessons learnt from the test. The latest revision of the BCP records that the updating should be completed within eight weeks following any such test.
Implementation Date: May 2010
Manager Responsible: Director, Estates & Facilities

3 FINDINGS AND RECOMMENDATIONS

Risk 1: Inadequate testing procedure documentation is maintained.

Ref 1.1
Control (actual and/or missing): Full test procedural documentation was maintained.
Adequate design (yes/no): Yes
Test result / implications: Full test procedural documentation was found to be in place. Documentation observed included:
- Meeting notes/e-mails between the College and Zurich developing the test procedure;
- The original proposal from Zurich detailing a proposed test procedure; and
- The test presentation provided by Zurich, which led the participants through the actual scenario.
The procedure documentation was confirmed as being followed in practice by a sample of four members of the CC&MT.

Risk 2: Tests are not planned on an appropriately regular basis.

Ref 2.1
Control (actual and/or missing): Tests are not planned and performed on a regular basis. Furthermore, the business continuity plan itself does not include reference to the need to test the plan regularly. However we are pleased to note that it is the stated intention of the Director of Estates & Facilities to conduct annual testing.
Adequate design (yes/no): No
Test result / implications: Unless the plan is formally tested on a regular basis, there is a risk that expected controls and processes do not function as intended, leading to an ineffective plan as potential failures are unknown.
Recommendation: Management should ensure that business continuity testing is undertaken on a regular basis (at least annually). The requirement to test and a schedule of testing should be documented within the business continuity plan.
Categorisation: Merits Attention

Risk 3: The test scenario is unrealistic and does not include appropriate representation of business areas and staff.

Ref 3.1
Control (actual and/or missing): The test scenario developed was of a realistic nature. The test scenario was developed by the College in conjunction with Zurich. The test was centred on a fire in the server room at the Cross Keys campus. This was based on a real event that occurred at Westminster University in
Adequate design (yes/no): Yes
Test result / implications: The test procedure documentation details the fire scenario at Cross Keys. This was confirmed with a sample of four members of the CC&MT who all advised this was the scenario used.

Ref 3.2
Control (actual and/or missing): Staff representation was limited to the members of the Crisis Control and Management Team (CC&MT). However we are pleased to note that it is the intention of the Director of Estates & Facilities to expand testing going forward to include a wider range of staff.
Adequate design (yes/no): No
Test result / implications: Unless a wide range of CC&MT and general staff are involved in the business continuity testing, there is potential risk that operational inconsistencies or errors are not flagged up and not all staff are aware of the College's business continuity arrangements.
Recommendation: Management should ensure that future testing considers the need to involve all staff within the CC&MT function and staff outside of it.
Categorisation: Merits Attention

Risk 4: The test is un-coordinated and responsibilities are not clearly assigned.

Ref 4.1
Control (actual and/or missing): The test was co-ordinated by the Zurich representative and responsibilities within the College were clearly assigned.
Adequate design (yes/no): Yes
Test result / implications: A sample of four staff involved in the test all confirmed that they were clear on their roles within the test. Furthermore, the test utilised an action plan proforma. This captured the actions taken throughout the test and this included staff initials, thereby demonstrating assigned responsibilities.

Risk 5: Issues and lessons learned are not captured.

Ref 5.1
Control (actual and/or missing): Lessons learnt were captured in the form of an 'Issues Board' which was later developed into a lessons learnt spreadsheet by the Director of Estates & Facilities.
Adequate design (yes/no): Yes
Test result / implications: Evidence of the Issues Board, development into a lessons learnt log and the completed log were observed. A sample of four staff involved in the test were interviewed and confirmed their participation in developing the lessons learnt log during the test period.

Risk 6: Planned as well as unplanned events are not captured and reported upward adequately.

Ref 6.1
Control (actual and/or missing): Events are captured and reported upward appropriately. There are Health and Safety Officers at each campus who record all incidents that occur. These are reported into the campus Health and Safety Committee and then the Headquarters Health and Safety Committee. Through this reporting process any points of significance are fed into the business continuity plan via the monthly Estates meeting that the College Health and Safety Manager attends. Furthermore, the plan was tested by a recent snow incident which caused the closure of a number of campuses. The Director of Marketing and Communications and the Director of Estates & Facilities drafted a lessons learnt report which details the updates required to the business continuity plan.
Adequate design (yes/no): Yes
Test result / implications: Incident pro-formas, reports and associated meeting minutes confirmed the capture and reporting of incidents to the Director of Estates & Facilities.

Risk 7: The BCP documentation is not updated in a timely manner to reflect the results of test exercises.

Ref 7.1
Control (actual and/or missing): Business continuity documentation is not updated in a timely manner to reflect the results of testing. The test took place on the 8th of February 2010 and the plan is expected to be updated by the middle of May. This is approximately 3 months from the date of the test.
Adequate design (yes/no): No
Test result / implications: Unless business continuity documentation is updated in a timely manner, an incident could occur which does not benefit from the lessons learnt during the test. This could mean that the plan fails at the same points previously identified. However in a real-life scenario this could delay the resumption of service provision.
Recommendation: Management should document within the business continuity plan, a full test process. This should include the expected and accepted timescales within which the plan should be updated following a test.
Categorisation: Merits Attention
Public Record Office Victoria PROS 10/10 Strategic Management Guideline 5 Records Management Strategy Version Number: 1.0 Issue Date: 19/07/2010 Expiry Date: 19/07/2015 State of Victoria 2010 Version 1.0
More information1.1 Terms of Reference Y P N Comments/Areas for Improvement
1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational
More informationINSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES
SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting
More informationAvon & Somerset Police Authority
Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationRecords Management plan
Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More informationNHS Dorset Clinical Commissioning Group. Internal Audit Annual Report 2014/15. May 2015
Internal Audit Annual Report 2014/15 May 2015 Internal Audit Annual Report INTRODUCTION This is the 2014/15 Annual Report by TIAA on the internal control environment at Dorset Clinical Commissioning Group.
More informationNational Occupational Standards. Compliance
National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements
More informationSteve Turpie, Chair of Audit Committee David Swales, Assistant Director of Finance
PRESENTED BY: PREPARED BY: DATE PREPARED: 27 June 2013 1 Background 1.1 The Audit Committee of West Suffolk NHS Foundation Trust is established under Board delegation with approved Terms of Reference that
More informationFINAL. Internal Audit Report. Data Centre Operations and Security
FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement
More informationReport 6c. Final Internal Audit Report Network and Communications. April 2008
Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationInternal audit report Information Security / Data Protection review
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationDIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA
Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF CORPORATE GOVERNANCE, STRATEGIC PLANNING AND PERFORMANCE FRAMEWORKS INTEGRATING NEW AREAS OF GLA BUSINESS
More informationInterim Audit Report. Borough of Broxbourne Audit 2010/11
Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationTeam Business Continuity Plan Guide
Team Business Continuity Plan Guide Contents Introduction 1.0 Functional Analysis of your Team 2.0 Business Continuity Risk Assessment 3.0 Team Network of Contacts 4.0 Incident Log Sheet 5.0 Record of
More informationAberdeen City Council IT Governance
Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationTrust Operational Policy. Information Security Department. Third Party Remote Access Policy
Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationBusiness Continuity Plan
Business Continuity Plan IMMEDIATE ACTIONS Manager/Supervisor 1. Ensure emergency services contacted 2. Ensure safety of personnel 3. Co-ordinate with the emergency services 4. Contact Senior members of
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More information39 GB Guidance for the Development of Business Continuity Plans
39 GB Guidance for the Development of Business Continuity Plans Policy number: Version 2.2 Approved by Name of author/originator Owner (director) 39 GB Executive Committee Date of approval August 2014
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationInformation Commissioner's Office
Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationAppenidx 1a. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME
Appenidx 1a DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationOxford City Council Managing Capital Projects
www.pwc.co.uk Internal Audit Report 2014/2015 August 2015 Oxford City Council Managing Capital Projects Table of Contents 1. Executive Summary... 3 2. Background and scope... 5 3. Detailed findings...
More informationBUSINESS CONTINUITY STRATEGY
BUSINESS CONTINUITY STRATEGY January 2009 CONTENTS Page BACKGROUND 1 OVERVIEW 1 AIM AND OBJECTIVES 1 CORE BUSINESS OF THE COUNCIL 2 ORGANISATION STRUCTURE 2 RISK IDENTIFICATION AND MITIGATION STRATEGIES
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationMerrycon s Approach to Business Continuity Management
Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective
More informationProject, Programme and Portfolio Management Delivery Plan 6
Report title Agenda item Project, Programme and Portfolio Management Delivery Plan 6 Meeting Performance Management and Community Safety Panel 27 April 2009 Date Report by Document number Head of Strategy
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationSCHEDULE 25. Business Continuity
SCHEDULE 25 Business Continuity 1. Scope 1.1 This schedule covers TfL s requirements in respect of: any circumstance or event which renders, or which TfL considers likely to render, it necessary or desirable
More informationMidsize Enterprise Summit Business Continuity Questions
Select Q&A, D. Scott, F. DeSalvo Research Note 6 February 2003 Midsize Enterprise Summit Business Continuity Questions Current events have created a new awareness of the importance of business continuity
More informationGuidance for the Operation of the Emergency Mass Text Procedure
Guidance for the Operation of the Emergency Mass Text Procedure 1 Contents Page No. 1. Introduction 3 2. Definitions 3 3. Responsibilities and Authorisations 3 4. Circumstances of Use 6 5. Initiating an
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationQuality Impact Assessment. Executive summary
Report to Public Trust Board 28 th February 2013 Title Sponsoring Executive Director Author(s) Purpose Previously considered by Quality Impact Assessment Director of Quality and Safety/ Chief Nurse Director
More informationInforming the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013
Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationINTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS
INTERNATIONAL STANDARD ON 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Introduction
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More information