Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06
|
|
- June Miles
- 8 years ago
- Views:
Transcription
1 Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/ rd November 2014
2 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 7-14 SECTION 3 - ACTION PLAN 15 APPENDIX A - RESPECTIVE RESPONSIBILITIES OF MANAGEMENT 16 AND INTERNAL AUDIT APPENDIX B - ISOLATED EXCEPTIONS TO EXPECTED PROCEDURES 17 Date of Visit August/September 2014 Draft Report Issued 22 nd September 2014 Management Response Received 03 rd November 2014 Final Report Issued 03 rd November 2014 Issued to: Director of Finance & Corporate Resources Chief Executive External Audit Head of IT and Customer Services Robert Emmott Malcolm Burr Karen Jones Angus MacArthur 3 rd November 2014
3 SECTION 1: EXECUTIVE SUMMARY Introduction 1.1 This report has been prepared following an internal audit review of Disaster Recovery Arrangements and as part of the operational annual internal audit plan for 2014/15. The purpose of this report is to provide an overview of the Comhairle s arrangements for the operation and management of Disaster Recovery and in terms of the objectives noted below. Background information 1.2 The IT Unit operates from the Comhairle building at Sandwick Road but provides services, via its network, to offices and schools in all parts of the Western Isles. All its core systems are housed in the machine room in the Sandwick Road building. Its main purpose is to provide the IT infrastructure over which all the Comhairle s IT systems run. This ranges from standard desktop PC s, laptops, mobile devices including ipads, all telephony services, central servers, network switches, wireless units and all cabling. The Comhairle has over 1000 registered users, supports almost 100 servers and has a broadband network which stretches from the North of Lewis to Barra 1.3 In order to provide the kind of support required for this scale of operation the IT Unit is staffed by a 9 person Technical Support team and a 6 person Business Support team. As is most organisations of this size, the Comhairle are highly dependent on its IT infrastructure and systems in the delivery of its core day to day services and support functions. It is therefore important that the Comhairle has suitable disaster recovery arrangements in place as part of a wider business continuity planning process. Internal audit objective 1.4 In accordance with the remit outlined within the operational annual internal audit plan for 2014/15 and further documented within the agreed terms of reference, our internal audit work was designed to obtain assurance that the Comhairle s arrangements for Disaster Recovery and associated processes were appropriate and operating as expected. In practice, we assessed whether the overall objective was being achieved by confirming that:- The organisation demonstrates VFM in all the services provided/supported and evidences that alternatives have been adequately considered, where available and appropriate; There is a corporate business continuity management policy and supporting procedures in place which identifies the organisations mission critical activities and prioritised recovery; The organisation has produced a business impact analysis and risk assessment and these have been agreed corporately; 3 rd November
4 SECTION 1: EXECUTIVE SUMMARY (CONTINUED) The IT section have identified hazards and threats in relation to IT architecture, networks, suppliers, documentation, hardware, software, storage, back-ups, staffing, buildings, facilities, security, systems monitoring, power, data communications, archiving and environmental factors such as air conditioning in data rooms; There has been appropriate testing of disaster recovery arrangements, together with a review of learning points with have been filtered into updated procedures and processes, where appropriate; There is supporting documentation held within the organisation, the IT unit and in offsite locations which provide clear instruction for staff which include, responsibilities, authorisations and relocation; Third party arrangements are supported by a contract and have appropriate security, authorisations, recognised practices in accordance with international standards of IT management, and There are suitable budgetary provisions in place to facilitate appropriate business continuity and disaster recovery arrangements within the Comhairle. 1.5 Areas of good practice A secure alternate location for backups and recovery; A reciprocal agreement is in place for the Comhairle s virtualised servers to be housed within a secure location at NHS-WI premises; and A modern virtualised infrastructure with a fast, dedicated communication link between Comhairle HQ and the Disaster recovery site is in place. 3 rd November
5 SECTION 1: EXECUTIVE SUMMARY (CONTINUED) 1.6 Concluding remarks Our detailed findings are included in the body of this report. We would point out that the most significant issues arising from our review which require management attention are: Whilst there is the basis for the development of adequate IT disaster recovery provision, particularly now that the off-site storage arrangements are in place; there is however, further work required to be undertaken to take forward a number of key issues, for example, the prioritisation of a corporate approach to system recovery before the Comhairle is in a position to have a robust IT disaster recovery arrangement in place. (Paragraphs 2.1, 2.2 and 2.6) The Comhairle s IT Disaster Recovery plan requires to be completed in full, together with advising staff of their responsibilities/duties in relation to the plan, and with suitable annual training/testing of the plan to be taken forward once all key issues have been dealt with in terms of systems infrastructure and reconfiguration. (Paragraphs 2.8 and 2.9) We are advised by the Head of IT and Customer Services that PSN compliance took priority over much of the unit s work programme and that, as a result, limited progress was made in completing the residual parts of the DR plan. 3 rd November
6 SECTION 1: EXECUTIVE SUMMARY (CONTINUED) 1.7 We have graded our detailed findings and recommendations, based on the likelihood of the identified weakness occurring and the impact on the Comhairle if it should occur, using the following criteria: Grade 1 - Critical High likelihood, High impact (HH) The weakness is almost bound to happen or is already happening (likelihood) and could have a significant impact on the Comhairle s services, reputation, control, financial position, statutory, regulatory or constitutional compliance if not contained Grade 2 - Contingent/Insurable Risk - Low likelihood, High impact (LH) The weakness is unlikely to happen, but would have a significant impact on the Comhairle s services, reputation, control, financial position, statutory, regulatory or constitutional compliance if it did occur Grade 3 - Housekeeping High likelihood, Low impact (HL) The weakness is almost bound to happen or is already happening but is unlikely to have a material impact on the Comhairle s services, reputation, control, financial position, statutory, regulatory or constitutional compliance, and can be contained Grade 4 - Value for Money High likelihood, Value for money impact (HV) The weakness is almost bound to happen or is already happening but if contained would have a positive impact on economy, efficiency and effectiveness in the use of resources Where we have identified isolated exceptions in our sample testing, and we consider that: - They are unlikely to recur; and Would have no significant impact if they should occur, we have classified them as low likelihood and low impact (LL), discussed them with relevant officers and detailed them in Appendix B to this report. 3 rd November
7 SECTION 1: EXECUTIVE SUMMARY (CONTINUED) 1.8 Our recommendations can be summarised and prioritised as follows: Recommendation 2.1 The IT Unit Business Continuity Plan be completed, together with a system prioritisation plan as a matter of priority. Overall grading The Head of IT and Customer Services in discussions with the Comhairle s Management Team and other relevant sections within the Comhairle, determine the key critical systems to be prioritised in the event of a disaster or business continuity event. 2.3 The Head of IT and Customer Services takes forward the alternative link contained within the disaster recovery plan or considers another option to achieve the planned outcome. 2.4 The Head of IT and Customer Services appends third party SLA s to IT Unit Disaster Recovery Plan. 2.5 The Head of IT and Customer Services communicates the timetable for recovery of systems to all key staff named in IT Unit Disaster Recovery Plan in order that staff are aware of their duties. 2.6 The Head of IT and Customer Services addresses the incomplete infrastructure, systems and supporting protocols which are required as part of the disaster recovery plan. 2.7 The Head of IT and Customer Services as part of developing the testing arrangements, involves third parties in order to determine any areas of concern or where improvement may be required. 3 rd November
8 SECTION 1: EXECUTIVE SUMMARY (CONTINUED) 1.8 Our recommendations can be summarised and prioritised as follows: Recommendation 2.8 The Head of IT and Customer Services should inform staff, once a suitable disaster and business continuity plan for IT has been developed, of their responsibilities, authorisations, relocation arrangements in relation to disaster recovery. Overall grading We would like to thank all staff for the co-operation and goodwill we received during the course of our internal audit fieldwork. For Comhairle Nan Eilean Siar Internal Audit Section Internal Audit Comhairle Nan Eilean Siar Sandwick Road Stornoway Isle of Lewis HS1 2BW 3 rd November rd November
9 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 2.1 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 1: There is a corporate business continuity management policy and supporting procedures in place which identifies the organisations mission critical activities and prioritised recovery. The Comhairle s Business Continuity H H The IT Unit Business Continuity 1 Core elements of the plan are Strategy and policy require each Head of Plan be completed, together with already in place and resources Service to ensure that a Business a system prioritisation plan as a have been diverted to other Continuity Plan exists that can deliver matter of priority. priority work over the last 9 acceptable standards of service for each 12 months. The plan is critical area. Each service must exercise its scheduled for completion by Business Continuity Plan at least once a March year. We reviewed the IT Unit Business Continuity Plan and note that the plan is incomplete in a number of key areas, therefore not meeting the requirements contained within the corporate policy or strategy. The IT Unit Business Continuity Plan is incomplete and insufficient to meet the needs of the Comhairle as outlined in the corporate Business Continuity Management strategy and policy. 3 rd November
10 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.2 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 3: The organisation has produced a business impact analysis and risk assessment and these have been agreed corporately. We understand that departments have H H The Head of IT and Customer 1 This recommendation is identified systems requiring to be restored Services in discussions with the consistent with the outcomes of in the event of a disaster or business Comhairle s Management Team the Corporate Business continuity event, this has not been and other relevant sections within Continuity Management developed strategically where systems have the Comhairle, determine the key exercise and will be completed been prioritised and identified as Mission critical systems to be prioritised once all departments Business Critical Activities. (MCA) in the event of a disaster or Continuity Plans are in place. business continuity event. This increases the risk that the Comhairle are unable to identify or implement a defined plan of systems recovery which is prioritised to meet the critical activities of the organisation. 3 rd November
11 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.3 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 3: The organisation has produced a business impact analysis and risk assessment and these have been agreed corporately. L H The Head of IT and Customer Services takes forward the alternative link contained within the disaster recovery plan or considers another option to achieve the planned outcome. There are systems and processes in place which could support the MCA key services but these have yet to be considered in terms of the Comhairle s overall disaster response, together with progress of the IT Unit Disaster Recovery Plan. We note that the implementation of the alternative connected communities link is currently not in place. This increases the risk that elements of the disaster recovery plan have not been fully implemented. 2 The implementation of New Generation Broadband (NGB) in 2015 will provided increased resilience until then a contingency plan will be developed. 3 rd November
12 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.4 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 7: Third party arrangements are supported by a contract and have appropriate security, authorisations, recognised practices in accordance with international standards of IT management. We note that although there is provision H L The Head of IT and Customer 3 Agreed. within the IT Unit Disaster Recovery Plan Services appends third party for third party SLA s, for example, SLA s to IT Unit Disaster Resourcelink/Authority Financials; these Recovery Plan. should be appended to the plan for ease of access and provide an instant record of key contacts and system details. Increases the risk that this may prevent staff accessing detailed information as part of the plan, along with key contacts and systems data. 3 rd November
13 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.5 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 5: There has been appropriate testing of disaster recovery arrangements, together with a review of learning points with have been filtered into updated procedures and processes, where appropriate. We spoke with key staff within the IT L H The Head of IT and Customer 2 Training will be completed by section who are named within the plan and Services communicates the March note that whilst some were aware of the IT timetable for recovery of Unit Disaster Recovery Plan, most had not systems to all key staff named in received any training in this area or were IT Unit Disaster Recovery Plan aware of where to find the document in order that staff are aware of their duties. The timetable outlined within the IT business continuity plan has not been communicated and all key staff named in such documents are not all aware of their duties. 3 rd November
14 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.6 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 3: The organisation has produced a business impact analysis and risk assessment and these have been agreed corporately. Whilst there is an infrastructure in place H H The Head of IT and Customer 1 Acknowledge that there is for disaster recovery, there are a number of Services addresses the some further work required and areas of development, testing and training incomplete infrastructure, this is scheduled to commence to be undertaken before the Comhairle can systems and supporting after the completion of PSN be satisfied that it can respond in a protocols which are required as compliance. comprehensive manner to a disaster event part of the disaster recovery in terms of IT response. Such areas plan. include: The reconfiguration of the Unix systems, in terms of replication at the NHS side; As each stage of the disaster recovery process develops, this will need to lead to the culmination of a full annual systems testing protocol. There are element of the disaster recovery systems and supporting protocols which are not developed to a sufficient stage which will support the Comhairle in a disaster event. 3 rd November
15 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.7 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 5: There has been appropriate testing of disaster recovery arrangements, together with a review of learning points with have been filtered into updated procedures and processes, where appropriate. Whilst we are advised by the Head of IT L H The Head of IT and Customer 2 Contracts will be reviewed as and Customer Services that contracts with Services as part of developing they are renewed. suppliers outline generic arrangements for the testing arrangements, disaster recovery, we found that these involves third parties in order to arrangements have not been tested to a determine any areas of concern sufficient standard. or where improvement may be required. Third party arrangements have not been tested insofar as there has not been a coordinated testing of disaster recovery with systems providers. As part of the disaster recovery protocols and testing the use of third party providers must be included in order to assess the robustness of the Comhairle s disaster recovery arrangements. 3 rd November
16 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS (CONTINUED) 2.8 FINDINGS AND IMPLICATIONS RISK RANKING RECOMMENDATION GRADE MANAGEMENT L I COMMENT Control objective 6: There is supporting documentation held within the organisation, the IT unit and in off-site locations which provide clear instruction for staff which include, responsibilities, authorisations and relocation. We issued a questionnaire to relevant IT L H The Head of IT and Customer 2 All IT staff will be briefed on staff in relation to their knowledge and Services should inform staff, Business Continuity awareness of disaster recovery protocol once a suitable disaster and Management arrangements on and received the following responses. In business continuity plan for IT a regular basis. general, it was felt that there was some has been developed, of their awareness to varying degrees in relation to responsibilities, authorisations, disaster recovery but most had not received relocation arrangements in training or were aware of their role in such relation to disaster recovery. an event. Staff were not sufficiently aware of their responsibilities, authorisations, relocation arrangements in relation to disaster recovery. This increase the risk of a disjointed and unorganised response by the Comhairle to a serious event which may further affect resilience to deal with core activities. 3 rd November
17 SECTION 3 - ACTION PLAN Ref. RECOMMENDATION RESPONSIBLE OFFICER 2.1 The IT Unit Business Continuity Plan be The Head of IT and completed, together with a system Customer Services prioritisation plan as a matter of priority. DATE OF IMPLEMENTATION March The Head of IT and Customer Services in discussions with the Comhairle s Management Team and other relevant sections within the Comhairle, determine the key critical systems to be prioritised in the event of a disaster or business continuity event. 2.3 The Head of IT and Customer Services takes forward the alternative link contained within the disaster recovery plan or considers another option to achieve the planned outcome. 2.4 The Head of IT and Customer Services appends third party SLA s to IT Unit Disaster Recovery Plan. 2.5 The Head of IT and Customer Services communicates the timetable for recovery of systems to all key staff named in IT Unit Disaster Recovery Plan in order that staff are aware of their duties. 2.6 The Head of IT and Customer Services addresses the incomplete infrastructure, systems and supporting protocols which are required as part of the disaster recovery plan. 2.7 The Head of IT and Customer Services as part of developing the testing arrangements, involves third parties in order to determine any areas of concern or where improvement may be required. 2.8 The Head of IT and Customer Services should inform staff, once a suitable disaster and business continuity plan for IT has been developed, of their responsibilities, authorisations, relocation arrangements in relation to disaster recovery. The Head of IT and Customer Services The Head of IT and Customer Services The Head of IT and Customer Services The Head of IT and Customer Services The Head of IT and Customer Services The Head of IT and Customer Services The Head of IT and Customer Services March 2015 December 2015 March 2015 March 2015 March 2015 Ongoing and review in December 2015 December
18 APPENDIX A: RESPECTIVE RESPONSIBILITIES OF MANAGEMENT AND INTERNAL AUDIT Responsibility in relation to internal controls It is the responsibility of the Comhairle s management to maintain adequate and effective financial systems and to arrange for a system of internal controls. Our responsibility as internal auditors is to evaluate the financial systems and associated internal controls. In practice, we cannot examine every financial implication and accounting procedure within an activity, and we cannot substitute for management s responsibility to maintain adequate systems of internal controls over financial systems. We therefore may not identify all weaknesses that exist in this regard. Responsibilities in relation to fraud and corruption The prime responsibility for the prevention and detection of fraud and irregularities rests with management. They also have a duty to take reasonable steps to limit the opportunity for corrupt practices. It is our responsibility to review the adequacy of these arrangements, but our work does not remove the possibility that fraud, corruption or irregularity may have occurred and remained undetected. We nevertheless endeavour to plan our internal audit work so that we have reasonable expectation of detecting material fraud, but our examination should not be relied upon to disclose all such material frauds that may exist. 16
19 APPENDIX B: ISOLATED EXCEPTIONS TO EXPECTED PROCEDURES AND CONTROLS ITEM ISOLATED EXCEPTION RESPONSIBLE OFFICER AGREED Y/N DATE OF DISCUSSION 17
Comhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY. Final Report 12/13-20
Comhairle nan Eilean Siar Internal Audit Review Final Report 12/13-20 8 th January 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4-9 SECTION 3 -
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery. Final Report FU18 14/15
Comhairle nan Eilean Siar Internal Audit Follow Up Review Disaster Recovery Final Report FU18 14/15 27 th May 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationComhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department. Final Report 2014/15-21
Comhairle nan Eilean Siar Internal Audit Review Project Management and Project Delivery Technical Services department Final Report 2014/15-21 4 th November 2014 PROJECT MANAGEMENT & PROJECT DELIVERY CONTENTS
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Licensing. Final Report FU16 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Licensing Final Report FU16 12/13 09 October 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 2 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationComhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22
Comhairle nan Eilean Siar Internal Audit Review School Transport Policy Final Report 15/16-22 3 rd June 2015 3 rd June 2015 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS
More informationComhairle nan Eilean Siar Internal Audit Review MANAGEMENT OF SICKNESS ABSENCES. Final Report 2013/14-18
Comhairle nan Eilean Siar Internal Audit Review Final Report 2013/14-18 01 st July 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-8 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 9-27 SECTION 3
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review PERFORMANCE MANAGEMENT & MONITORING. Final Report FU17 12/13
Comhairle nan Eilean Siar Internal Audit Follow Up Review Final Report FU17 12/13 30 th May 2013 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS 4 7 30
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators. Final Report FU20 11/12
Comhairle nan Eilean Siar Internal Audit Follow Up Review Statutory Performance Indicators Final Report FU20 11/12 14 th August 2012 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3 SECTION 2 - DETAILED
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Document Management. Final Report FU01 14/15
Comhairle nan Eilean Siar Internal Audit Follow Up Review Document Management Final Report FU01 14/15 11 November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 4 SECTION 2 - DETAILED FINDINGS AND
More informationComhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements. Final Report FU01 13/14
Comhairle nan Eilean Siar Internal Audit Follow Up Review Children s Services Cost of Placements Final Report FU01 13/14 INTERNAL AUDIT FOLLOW UP REPORT CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1 3
More informationIT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS
NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor
More informationEAST AYRSHIRE COUNCIL CABINET. 16 th June 2010. 2010 / 11 to 2012 / 13 INFORMATION TECHNOLOGY SERVICES CAPITAL EXPENDITURE PROGRAMME
EAST AYRSHIRE COUNCIL CABINET 16 th June 2010 2010 / 11 to 2012 / 13 INFORMATION TECHNOLOGY SERVICES CAPITAL EXPENDITURE PROGRAMME Report by Executive Director of Finance & Corporate Support 1. PURPOSE
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING
ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING Report by Director of Finance and Corporate Resources PURPOSE OF REPORT To bring before the Sub-Committee
More informationInternal Audit Report Disaster Recovery / Business Continuity Planning
Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,
More informationAppendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15
Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationAPPLICATION FORM PARTICIPATORY BUDGETING TRAINING SUPPORT PACKAGE FOR LOCAL AUTHORITIES. Telephone number Gayle Findlay 01851 822617
APPLICATION FORM PARTICIPATORY BUDGETING TRAINING SUPPORT PACKAGE FOR LOCAL AUTHORITIES Contact Details Name Telephone number Gayle Findlay 01851 822617 Organisation: Comhairle nan Eilean Siar Role: Community
More informationHow To Audit Health And Care Professions Council Security Arrangements
Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationFood Standards Agency in Scotland
in Scotland Report on the Audit of Local Authority Assessment of Regulation (EC) No 852/2004 on the Hygiene of Foodstuffs in Food Business Establishments Comhairle nan Eilean Siar 21-23 November 2011 Foreword
More informationAPPENDIX 1 COMHAIRLE NAN EILEAN SIAR IT STRATEGY
APPENDIX 1 COMHAIRLE NAN EILEAN SIAR IT STRATEGY VERSION 4.0 MAY 2012 0 Item Table of Contents Page CHANGE HISTORY... 2 1 INTRODUCTION... 3 2. BACKGROUND AND SUPPORTING POLICIES... 4 3. REVIEW PROCESS...
More informationJoint Audit Report for South Lakeland District Council. & Eden District Council
Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationAppendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit
Appendix C Accountant in Bankruptcy Annual report on the 2013/14 audit Prepared for Accountant in Bankruptcy and the Auditor General for Scotland 6 August 2014 Audit Scotland is a statutory body set up
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES
ADDITIONAL CONTRACTUAL TERMS RELATING TO THE PROVISION OF MANAGED SERVICES ACT Document Version: 3.0 Customer Document Version: 1.0 Issue Date: XXXXXX COMMERCIAL IN CONFIDENCE Please replace this image
More information2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.
REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationIT Assurance - Business Continuity and Disaster Recovery
Audit Summary Report October 2006 PAPER D IT Assurance - Business Continuity and Disaster Recovery Audit 2006/2007 Paper D - 1 External audit is an essential element in the process of accountability for
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationDacorum Borough Council Final Internal Audit Report
Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service
More informationInformation Commissioner's Office
Information Commissioner's Office Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Internal Audit 2011-12: Business Continuity Review Last updated 6 February 2012 Will Simpson Senior Manager
More informationINTERNAL AUDIT 2008/09 INFORMATION TECHNOLOGY (BUSINESS CONTINUITY)
2008/09 SUMMARY Location Subject Business Sponsor Staff engaged Coleg Gwent Information Technology (Business Continuity) Lynda Roberts Sue Harris Head of Internal Audit Gaynor Rains Manager David Bratt
More informationSecondary School 1/04/2015. ICT Service Specification by: Andrea Warburton ONE IT SERVICES AND SOLUTIONS
1/04/2015 Secondary School ICT Service Specification by: 1 Andrea Warburton ONE IT SERVICES AND SOLUTIONS SERVICE SPECIFICATION One IT Services and Solutions offer a one stop shop ICT support service,
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationSUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS
REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet
More informationReview of housing benefit overpayments 2008/09 to 2011/12
Review of housing benefit overpayments 2008/09 to 2011/12 Prepared by Audit Scotland January 2013 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability (Scotland)
More informationBusiness Continuity Business Impact Analysis arrangements
Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary
More informationDERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY
DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1
More informationCenSus ICT Strategy (2012 2015)
CenSus ICT Strategy (2012 2015) Date: September 2012 Version: 5.0 Version Control Amendment History including Author: Version Date Author / Amendment History 1.0 Draft 30 th August 2012 Graham Crossingham
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationFINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationNHS 24 - Business Continuity Strategy
NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS
More informationWest Highland College. Internal Audit 2014/15 Annual Report August 2015
Internal Audit 2014/15 Annual Report August 2015 TABLE OF CONTENTS Section Page 1. Introduction 3 2. Executive Summary 4 5 3. Audit Findings 6 11 4. Benchmarking 12 5. Key Performance Indicators 13 Appendices
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationAUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT
More informationRISK MANAGEMENT STRATEGY
RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate
More informationBusiness Continuity Management Policy
Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationAudit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction
Audit Committee, 13 March 2013 Internal Audit Report Project Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for project management in accordance
More informationVersion: 3.0. Effective From: 19/06/2014
Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016
More informationAnnual Report of Internal Audit 2012/13
Open Decision Item 4 Audit & Governance Committee 19 th June 2013 Annual Report of Internal Audit 2012/13 SYNOPSIS To report on Internal Audit s opinion of the overall adequacy and effectiveness of the
More informationV1.0 - Eurojuris ISO 9001:2008 Certified
Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation
More informationWEST LOTHIAN COLLEGE
WEST LOTHIAN COLLEGE ANNUAL REPORT TO THE BOARD OF GOVERNORS AND THE AUDITOR GENERAL FOR SCOTLAND ON THE EXTERNAL AUDIT FOR THE YEAR ENDED 31 JULY 2006 DECEMBER 2006 Wylie & Bisset Date of commencement
More informationDisaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery
Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and
More informationEssex Fire Authority
Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013
More informationBalancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs
Balancing and Settlement Code BSC PROCEDURE BSCP537 QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs APPENDIX 3 GUIDANCE NOTES ON COMPLETING THE SAD Version 2.0 Date: 10 September 2007
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationInternal audit report Information Security / Data Protection review
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationCARING AT HOME CAREER PROJECT
HEALTH AND SOCIAL CARE COMMITTEE: 5 SEPTEMBER 2013 POLICY AND RESOURCES COMMITTEE: 12 SEPTEMBER 2013 CARING AT HOME CAREER PROJECT Report by Chief Executive, Comhairle nan Eilean Siar PURPOSE OF REPORT
More informationKaren Winter Service Manager Schools and Traded Services 01823 355267 KWinter@somerset.gov.uk
Somerset Services to Education Providers 2014-2015 SOUTHWEST ONE TECHNOLOGY SERVICES Service Provider: Southwest One Service Category: Academy Schools - Chargeable Contact: Karen Winter Service Manager
More information1.1 Terms of Reference Y P N Comments/Areas for Improvement
1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational
More informationGovernance and Audit Committee 23 November 2015
Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on
More informationAPPENDIX 2 GENERIC OPERATIONAL RISKS RISK TABLES & ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006
APPENDIX 2 GENERIC OPERATIONAL S TABLES ADDITIONAL ACTION PLANS MONITORING REPORT MARCH 2006 GENERIC S AFFECTING MOST OR ALL SERVICES OPERATIONAL S OF HYNDBURN BOROUGH COUNCIL PROFESSIONAL LIKELI- HOOD
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationGlasgow Life Risk Management & Business Continuity Planning. Final Report
Glasgow Life Risk Management & Business Continuity Planning Final Report INTERNAL AUDIT October 2014 Glasgow City Council Internal Audit 1 Glasgow Life Risk Management & Business Continuity Planning Table
More informationService Level Agreement: Support Services (Version 3.0)
Service Level Agreement: Support Services (Version 3.0) This Service Level Agreement ("SLA") is attached to the Agreement (Number [ ]) entered into between Uniware Systems Limited ("Uniware") and the Customer
More informationBusiness Continuity Policy
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
More informationitg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.
Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your
More informationAPPENDIX: CHECKLIST COMPLIANCE WITH THE CODE
AEDIX: CHECKLIST COMLIACE WITH THE CODE lease tick to indicate = ES, = ARTIAL, = O. Where partial or no, you should give reasons for any noncompliance, and any compensating measures in place or actions
More informationAberdeen City Council IT Disaster Recovery
Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationNote the Chief Internal Auditor s findings to date and gain assurance from Officers that key issues raised are being addressed.
Agenda Item No: 9 To: Joint Audit Committee Date: 24 September 2014 By: Chief Internal Auditor Title: Internal Audit Update Report 2014-15 Purpose of Report: The purpose of this report is to give an opinion
More informationColeg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:
Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation
More informationBUSINESS CONTINUITY POLICY RM03
BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:
More informationPolish Financial Supervision Authority. Guidelines
Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents
More informationBACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB BACKUP STRATEGY AND DISASTER RECOVERY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationHow To Write A Criminal Justice Plan For The Western Ireland
Comhairle nan Eilean Siar Social Work Department Criminal Justice Service Plan 2008-11 1 INTRODUCTION Comhairle nan Eilean Siar Criminal Justice Service provides services, such as, Supervision of offenders
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationCENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT
Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning
More informationPractice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM
October 2010 Practice Note 10 (Revised) AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM The Auditing Practices Board (APB) is one of the operating bodies of the Financial Reporting
More informationAnnual Audit Letter. Kettering General Hospital NHS Foundation Trust Audit 2010/11
Annual Audit Letter Kettering General Hospital NHS Foundation Trust Audit 2010/11 Contents Key messages 2 Audit opinion and financial statements 2 Value for money 2 Limited assurance opinion on the Quality
More informationBUSINESS CONTINUITY PLAN
Business Logo Here BUSINESS CONTINUITY PLAN FOR SMALL TO MEDIUM SIZED BUSINESSES DATE :??? VERSION:?? PRODUCED BY DURHAM CIVIL CONTINGENCIES UNIT BUSINESS CONTINUITY PLAN LIST OF CONTENTS 1. DISCLAIMER...4
More informationIT control environment Caerphilly County Borough Council
Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough
More informationSouth Northamptonshire Council Contract Assurance: Leisure Contract
South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year
More informationAppendix 1C. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK
Appendix 1C DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA PAYROLL CONTROL FRAMEWORK DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Karen Walker, Risk and Assurance
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationYour complete guide to Cloud Computing
Your complete guide to Cloud Computing 1 Doc V1.0 Dec 2013 Table of Contents Hosted Desk- 3 The Cloud and Cloud Computing... 4 The benefits of Cloud Solutions 6 The Cloud is Growing - Rapidly 7 Resolving
More informationPeer Review Panel Report. Information Technology Services
Peer Review Panel Report Information Technology Services 21 st October 2008 Introduction As part of s commitment to quality assurance it is the policy of the Institute to review key academic and other
More information