Submitted by: Christopher Mead, Director, Department of Information Technology
Office of the City Manager

INFORMATION CALENDAR
March 21, 2006

To: Honorable Mayor and Members of the City Council
From: Phil Kamlarz, City Manager
Submitted by: Christopher Mead, Director, Department of Information Technology
Subject: Update: Implementation of FUND$ Change Management Audit Recommendations (CF 27-05)

SUMMARY

In response to a request by the Director of Information Technology (IT) and the City Manager, in FY03 the City Auditor conducted an Information Systems FUND$ Change Management Audit. The purpose of the audit was to determine whether program change controls over the City's financial system, FUND$, were adequate and if programming best practices were being observed. The Audit findings and recommendations were presented to Council on May 4, 2004 and a progress report was presented to Council on December 14, 2004 (CF 69-04) and June 28, 2005 (CF 27-05).

In the intervening time, the Department of Information Technology has made significant progress in implementing the audit recommendations. Out of the 23 recommendations, 9 are implemented, 6 partially implemented, and 8 not implemented. This update is meant to keep Council informed of our progress.

CURRENT SITUATION AND ITS EFFECTS

The following reports on progress regarding each audit finding.

BACKGROUND

The Department of Information Technology is responsible for maintaining and supporting the City's financial system, commonly known as FUND$. The May 4, 2004 audit raises many valid points regarding formalized methods, software maintenance record keeping and management participation in decisions to modify existing software or create new software. The Department of Information Technology has conducted a thorough review of existing practices, carefully considered the audit recommendations and taken a pragmatic approach to implementing more formalized methods that will reduce the City's exposure to damage due to either inadvertent or malicious software failure.

In addition, all requests for software development, acquisition or enhancement are carefully considered in context to the return on investment and the organizational needs of the City.

POSSIBLE FUTURE ACTION

The Department of Information Technology continues to refine its software maintenance procedures and to pursue the acquisition of software to facilitate and enforce those policies. Another progress report will be delivered to Council no later than February 13,

FISCAL IMPACTS OF POSSIBLE FUTURE ACTION

The current estimate for obtaining change management software is $15,000 - $25,000 (General Fund) for the initial purchase and a recurring software support cost of $1,500 - $2,500. If additional staff is added to facilitate the division of duties recommended, an additional $162,000 - $202,000 per year will be required.

CONTACT PERSON

Keith Skinner, Supervising Systems Analyst, Department of Information Technology

Attachments:
1: Implementation of FUND$ Change Management Audit Recommendations March 21, 2006

Implementation of FUND$ Change Management Audit Recommendations
March 21, 2006

Finding 1: No formal written policies and procedures for implementing program changes to FUND$.

Recommendation 1:

1.0 Develop formal written policies and procedures for implementing program changes to FUND$. The procedures should cover the processes of approving change requests, implementing a test and production environment, user testing, documenting results, reviewing results, migrating changes, and handling emergencies.

1.0 Partially implemented. A new version of the DoIT Service Request system is currently in beta testing and incorporates, among other things, a change control approval and tracking mechanism. This new version will be put in production by April 30, During the most recent HTE upgrade (Oct. 2005), test plan templates were distributed to all module leaders along with instructions for the types of tests to perform.

Finding 2: Lack of segregation of functions and duties.

Recommendation 2:

2.1 A programmer who modifies programs should not have access to production files and data. This is a preventive measure to mitigate the risk of unauthorized modifications that threaten application and data integrity. IT should develop a long-term plan to expand resources in the Application Development Division by either adding staff, implementing a policy of job rotation, or cross training to segregate incompatible functions as well as to reduce reliance on one single individual for performing critical tasks in the change process.

2.2 Access to production by the programmers should be restricted and subject to supervisory review and approval.

2.3 Require programmers to log and document program changes using a standardized format to facilitate ease of review and monitoring by the manager. When managerial review cannot be performed, peer review among the programmers should be in place. The bottom line is that all program changes should be subject to some form of review.

2.4 Consider installing a change control software package to facilitate the change process and to reduce reliance on human efforts.

2.1 to 2.4 Not Implemented. IT will be including a request for funding of a change controls system in their FY budget. Properly implementing this class of software should address all the risks identified in Recommendation 2 above. Once funding is secured, it is anticipated that the software will be selected and implemented by January

Finding 3: Inadequate controls over H.T.E.'s remote access to FUND$.

Recommendation 3:

3.1 Change H.T.E. account passwords at least every three months.

3.2 Periodically review the access log. Work with H.T.E. to ensure that information reflected on the access log is accurate and complete.

3.3 Develop and formalize procedures to improve controls over vendor remote access. The procedures should provide an auditable and internally controlled method of granting access to the vendor and monitoring vendor activities.

3.4 Consider requiring City staff to notify Finance and IT and to explain the problems needing support prior to contacting H.T.E.

3.5 IT should consider negotiating with H.T.E. to restrict H.T.E.'s access to the test machine. IT should also consider limiting H.T.E.'s access to the production machine to emergencies only.

3.1 Implemented March

Implemented August

Not implemented. The change control software mentioned in the response to Recommendation 2, above, will also provide the ability to better monitor HTE activity. The software will log all changes made to software and, optionally, can be configured to disallow changes unless specifically approved by IT. The software, assuming funding is secured, will be implemented by January

Implemented Sept This matter was discussed at the last two module leader meetings and both IT and Finance will continue to reinforce the importance of this notification.

3.5 Not implemented. The proposed change management software mentioned in Recommendations 2 and 3 above would help to address this issue by providing an audit trail that could be reviewed by IT at any time. The recommendation that HTE be confined only to the test environment is not practical. It would seriously impact service delivery, particularly to critical functions such as payroll and general ledger processing.

Finding 4: Not all FUND$ related service requests are formally logged or documented.

Recommendation 4:

4.1 Since the service request tracking system provides a consistent mechanism for tracking service requests, the Application Development Division should require departments to enter all FUND$ service requests in the system. The electronic service request should serve as a base document for user initiated program changes requiring in-house support. No user initiated program change should be implemented without an authorized service request.

4.2 Consider enhancing the service request tracking system so that it can be accessed directly and used by management in IT and Finance to manage and to analyze FUND$ related requests or problems.

4.3 Management should analyze patterns in end user complaints and requests and discuss them with the vendor on a regular basis.

4.1 Partially implemented. A project request component has been added to the DoIT service request system but the full approval and tracking functionality has yet to be added. As mentioned in the response to Recommendation 1, this will be implemented by April 30,

Partially implemented. All users in all departments will be able to view all service requests for their department with the new version of the service request system. IT will provide Finance with a report of all open and pending service requests for all departments at the monthly IT/Finance meeting. This will be implemented along with the new version of the service request system on April 30,

Implemented. IT has taken the lead in coordinating user enhancement requests, coordinating group training and alerting all module leaders to important HTE announcements. In addition, IT management has a monthly conference call with the HTE Director of Customer Support to discuss difficult issues that have not been resolved.

Finding 5: FUND$ modules continue to not have module leaders.

Recommendation 5:

5.1 The City Manager, Human Resources, Finance and IT together should perform a final review of the A.R. on Application Experts. Once the review is completed, the updated A.R. should be issued and distributed to City staff.

5.2 Direct the user department directors to officially designate a qualified Application Expert for each FUND$ module.

5.3 Direct the Application Experts to coordinate with the users to develop a screen operation manual for each FUND$ module. The responsible Application Expert should also update the manual regularly as changes occur. The manual will serve as a quick reference for the day-to-day module operation. In addition, the process of compiling a manual will help the module leaders become familiar with the FUND$ modules to which they are assigned.

5.4 When substantial technical changes are made to FUND$, IT should provide application experts with appropriate training as needed.

5.1 Partially implemented. IT, Finance and HR are still working out the policy issues associated with the implementation of the A.R. The new target date for implementation is December 31,

Not implemented. The memo to the department directors will be issued, as soon as the Application Expert A.R. has been issued, by December,

Implemented Sept IT meets with the Application Experts on a quarterly basis and has encouraged them to document their process fully. In addition, IT has provided several resources, such as templates, to help the Application Experts with that task.

5.4 Implemented Sept IT provides Application Experts with extensive information about the upgrade, analyses by the programming staff regarding changes and how they affect each module and self-paced training presentations that cover all new changes. In addition, IT coordinated a number of training sessions offered by HTE to make users aware of changes in the last upgrade. Finally, IT has prepared and coordinated users for attending the regional and national user conferences which thoroughly cover planned changes to the software.

Finding 6: Concerns with FUND$ version upgrade.

Recommendation 6:

6.1 The Application Development Division should develop an action plan that clearly defines the methodology for implementing software upgrades. The plan should lay out critical deadlines and available resources that are needed during an upgrade. Conflicts that cannot be resolved by the departments should be referred to the planning group for resolution.

6.2 IT should consider including in the service support agreement a provision requiring H.T.E. to provide complete documentation of their changes and to be responsible for timely correcting problems resulting from incomplete documentation.

6.3 IT should reduce the number of custom programs by eliminating programs that are obsolete or not used.

6.4 Since recurring costs and efforts are required to maintain custom programs, a cost and benefit justification should be required for all program change requests submitted by user departments. When a reasonable justification cannot be provided, IT should retain the right to deny the request.

6.1 Implemented. IT had formalized the procedures for implementing software upgrades. Testing and training templates were developed by IT for the Application Experts and will be distributed to them when they are appointed following the publication of the Application Experts AR see

Not implemented. IT agrees with the finding and recommendation. IT will discuss this option with H.T.E. when the next service support agreement is executed in

Implemented. Eliminating customized programs is now a standard part of the upgrade process. All modifications are reviewed to determine when they were last used. Anything that has not been used for two years or more is archived and retired. IT also carefully reviews all new features of the upgrade to determine if they supersede modifications done by COB.

6.4 Partially implemented. IT carefully reviews each request and evaluates the impact of each on our overall system support workload. This approval process will be formalized in the online request system (DoIT) by April 30, 2006.

Finding 7: Project management methodology and IT governance are not formalized.

Recommendation 7:

7.1 An executive policy group should be formed to align IT resources with the City's mission, strategies, and priorities. The City Manager should delegate to the executive policy group the authority to recommend to the City Manager, on behalf of the Deputy City Manager and department directors, how IT resources should be allocated. This group should be convened and staffed by the City Manager. Other sub-committees, established to deal with specific system issues or needs, could include the existing Financial Software Policy Committee's current charge governing major new financial application deployment. The sub-committees should report in writing to the governance group. These groups should actively work on ongoing improvements to the City's systems and technical issues, including training needs.

7.2 The draft IT Master Plan should undergo a thorough review process by the appropriate group. After recommended changes have been considered and incorporated, as appropriate, the IT Master Plan should undergo final review and approval by the City's policy group and the City Manager.

7.1 Implemented. The Technology Governance Group meets every 2 weeks and has been reviewing and prioritizing major IT projects and IT policies.

7.2 Partially Implemented. The Master Plan will be submitted to the City Manager for review. IT will revise the plan to reflect changes in technology and the needs of the City, in cooperation with the Technology Governance Group, on an annual basis. The next update will be prepared by December
More informationProgram Summary. Criterion 1: Importance to University Mission / Operations. Importance to Mission
Program Summary DoIT provides and supports the infrastructure and custom development for NIU s core human resources system: The PeopleSoft Human Resources Management System (PS- HR) provides core functionality
More informationSupportworks ITSM Foundations A Bite-Size approach to ITIL adoption
Supportworks ITSM Foundations A Bite-Size approach to ITIL adoption Supportworks ITSM Foundations IT Service Management Made Simple Globally, the IT Infrastructure Library (ITIL) is by far the most popular
More informationVoice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview
Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview 1/1 Table of Contents 1. Introduction...3 2. Executive Summary...4 3. Program Definition...5 3.1. Program
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More information1) Why did you make the change with Accounts Payable and IDS?
Accounts Payable/Payroll/IDS/Travel/Purchasing/BEN 1) Why did you make the change with Accounts Payable and IDS? The requirements for reimbursing and paying individuals generally differ from those related
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationDepartment of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government
Department of Information Technology Remote Access Audit Final Report January 2010 promoting efficient & effective local government Background Remote access is a service provided by the county to the Fairfax
More informationUnited States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment
United States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment CGFS/DCFO/GFMS 1. Contact Information Privacy Impact Assessment (PIA) Department of State Privacy Coordinator
More informationMission. - 139 - Human Resources
Human Resources Mission The mission of Human Resources is to serve our community by attracting and retaining a highly qualified workforce and creating a work environment for them that supports their commitment
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationKANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER
KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER Material Weaknesses (0) No material weaknesses were reported for FY 2013. Significant Deficiencies (1) Grant Receivable Accounting
More informationSCHOOL BUSINESS EXECUTIVE
SCHOOL BUSINESS EXECUTIVE DISTINGUISHING FEATURES OF THE CLASS: This is a professional business management position responsible for the supervision and performance of a wide variety of business affairs
More informationHonorable Mayor and Members of the City Council. Submitted by: David W. Hodgkins, Director of Human Resources
Office of the City Manager To: From: Honorable Mayor and Members of the City Council Christine Daniel, City Manager Submitted by: David W. Hodgkins, Director of Human Resources Subject: Workers Compensation
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department
More informationOFFICE OF INSPECTOR GENERAL. Audit Report
OFFICE OF INSPECTOR GENERAL Audit Report Select Financial Management Integrated System Business Process Controls Need Improvement Report No. 16-02 November 30, 2015 RAILROAD RETIREMENT BOARD EXECUTIVE
More informationColorado Department of Health Care Policy and Financing
Colorado Department of Health Care Policy and Financing Solicitation #: HCPFRFPCW14BIDM Business Intelligence and Data Management Services (BIDM) Appendix B BIDM Project Phases Tables The guidelines for
More informationAudit of Policy on Internal Control Information Technology General Controls (ITGCs) Audit
D.2.1D Audit of Policy on Internal Control Information Technology General Controls (ITGCs) Audit Office of the Chief Audit Executive Audit and Assurance Services Directorate March 2015 Cette publication
More informationVirginia Longitudinal Data System
Virginia Longitudinal Data System Book of Data Governance Version 1.0 Page 1 Signature Page The following parties agree upon the policies and procedures outlined in this version of the VLDS Book of Data
More informationJob Description- Manager, Financial Systems & Project Management
S00010A, page 1 Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. FUNCTIONAL DUTIES Serves as Manager, Financial Systems
More informationMemorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098. May 23, 2000.
U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098
More informationAUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1
AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the
More informationDepartment of Legislative Services Office of Legislative Audits. Maryland Insurance Administration
Maryland Insurance Administration Report Dated November 20, 2014 Audit Overview MIA licenses and regulates insurers, insurance agents and brokers who conduct business in the State, and monitors the financial
More informationInternal Control Guide & Resources
Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed
More informationInternal Audit. Audit of HRIS: A Human Resources Management Enabler
Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4
More informationSUMMARY OF AUDIT FINDINGS
SUMMARY OF AUDIT FINDINGS EXECUTIVE SUMMARY Citizens' Office of Internal Infrastructure - July 2010 The audit determined the overall effectiveness of the controls over the processes for the acquisition,
More informationTalent Management JOB CLASS: Manager PAY GRADE: 19 EXEMPT STATUS: Exempt DATE: 4/16/2015
JOB DESCRIPTION: MANAGER, HUMAN RESOURCE INFORMATION SYSTEMS (HRIS) DEPARTMENT: Talent Management-Human Executive Director, REPORTS TO: Resources Talent Management JOB CLASS: Manager PAY GRADE: 19 EXEMPT
More informationFederal Home Loan Bank Membership Version 1.0 March 2013
Introduction The Federal Home Loan Banks (FHLBanks) are cooperative institutions owned by members. The Federal Home Loan Bank Act of 1932 (FHLBank Act) created the Federal Home Loan Bank System to support
More informationProject Governance Plan Next Generation 9-1-1 Project Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1)
Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1) Date: October 1, 2014 Version: 3.1 DOCUMENT REVISION HISTORY Version Date Changes Updated By 0.1 02/13/014 Initial
More informationIllinois State Board of Education
Illinois State Board of Education 100 North First Street Springfield, Illinois 62777-0001 www.isbe.net James T. Meeks Chairman Tony Smith, Ph.D. State Superintendent of Education CAREER OPPORTUNITIES July
More informationSTATE OF TENNESSEE COMPTROLLER OF THE TREASURY State Capitol Nashville, Tennessee 37243-9034 (615) 741-2501. August 9, 2010
Justin P. Wilson Comptroller STATE OF TENNESSEE COMPTROLLER OF THE TREASURY State Capitol Nashville, Tennessee 37243-9034 (615) 741-2501 The Honorable Phil Bredesen, Governor and Members of the General
More informationIndependent Auditors Report
KPMG LLP Suite 12000 1801 K Street, NW Washington, DC 20006 Independent Auditors Report Administrator and Acting Inspector General United States General Services Administration: Report on the Financial
More informationCLASS FAMILY: Business Operations and Administrative Management
OCCUPATIONAL GROUP: Business Administration CLASS FAMILY: Business Operations and Administrative Management CLASS FAMILY DESCRIPTION: This family of positions includes those which perform administrative
More informationAssurX Makes Quality & Compliance a Given Not Just a Goal
AssurX Makes Quality & Compliance a Given Not Just a Goal TRACK. MANAGE. AUTOMATE. IMPROVE. AssurX s powerfully flexible software unites and coordinates information, activities and documentation in one
More informationOversight of Information Technology Projects. Information Technology Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Oversight of Information Technology Projects Information Technology Audit May 29, 2009 Report 09-19 FINANCIAL
More information