Entitlements Management System (EMS) Technology Update Project Health Check Review

Save this PDF as:

Size: px
Start display at page:

Download "Entitlements Management System (EMS) Technology Update Project Health Check Review"

Transcription

1 Entitlements Management System (EMS) Technology Update Project Health Check Review February 2010 Final This report and PricewaterhouseCoopers deliverables are intended solely for the Department of Finance and Deregulation s internal use and benefit and may not be relied on by any other party. This report may not be distributed to, discussed with, or otherwise disclosed to any other party without PricewaterhouseCoopers prior written consent. PricewaterhouseCoopers accept no liability or responsibility to any other party who gains access to this report. Liability is limited by the Accountant's Scheme under the Professional Standards Act 1994 (NSW) 1

2 1. Executive Summary Introduction PricewaterhouseCoopers has been engaged by the Ministerial & Parliamentary Services (M&PS) Division to perform a point-in-time project health check review of the Entitlements Management System (EMS) Technology Update project. The purpose of this review was to determine whether appropriate project management processes and supporting procedures were in place to enable the effective management of project risk. Our terms of reference required specific focus on whether: the scope of the project has been defined, agreed, is realistic and properly managed; project plans and schedules have been developed and are maintained to support the achievement of project objectives; stakeholders have been appropriately engaged and are committed to the project. This will also assess project governance structures; adequate staffing and skills have been allocated to the team to support the project; risks and issues are appropriately identified, mitigated and monitored effectively and do not threaten implementation; and business benefits have been sufficiently identified and are measurable. This report provides a high level traffic light view of project status and notes key strengths and opportunities for improvements. Current Status & Opportunities for improvement Overall the project has been assessed as Amber, representing moderate risk. This rating is mainly due to the recent departure of the project manager, with arrangements for a replacement yet to be confirmed at the time of the review fieldwork. This introduces a risk that the project could lose momentum and incur delays as a result. This will need to be closely monitored by the Steering Committee during the new project manager s transition. Other key areas for improvement noted during the review included: developing a strategy that defines how the delivery of project objectives and benefits will be measured and monitored confirming business project resources and effort, including testing, given the recent structural and responsibility changes within M&PS enhancing key project documentation and ensuring all project documentation is stored on the Project server. Key strengths and improvement opportunities have been detailed further in Section 3 of this report. Our work was limited to that described in this report and was performed in accordance with International Standards for the Professional Practice of Internal Auditing from the Institute of Internal Auditors. It did not constitute an examination or a review in accordance with generally accepted auditing standards or assurance standards. Accordingly, we provide no opinion or other form of assurance with regard to our work or the information upon which our work was based. We did not audit or otherwise verify the information supplied to us in connections with this engagement, except to the extent specified in this report or our approved objectives and scope. 2

3 2. Summary project assessment The following provides an overview of our assessment of the EMS Technology Update project against the Six Pillars of Project Excellence 1. Overall assessment as at February 2010 Overall assessment (EMS Technology Update Project) Current Status Amber Key Points Project progressing well Recent departure of Project Manager Some resourcing effort yet to be determined and allocated Assessment of the EMS Technology Update Project Focus areas 2 Scope is realistic and managed Current Status (February 2010) Green Key points Approved Business Case and Project Proposal Comprehensive Project Plan Project costing tracked and reported Formal Project Change Request Process Business benefits are realised Green Business benefits defined Plan to measure benefits lacking Work and schedule are predictable Stakeholders are committed (Governance focus) Team is high performing (Limited assessment) Risks are mitigated Amber Green Amber Green Approved project schedule Minor project delays due to limited Subject Matter Expertise availability Some documentation not stored on Project server Testing effort to be determined Good executive level support Effective governance mechanisms Roles and responsibilities defined Formal Terms of Reference for Steering Committee Regular communication amongst stakeholders The project team is committed Project manager has recently departed Arrangements for new project manager to be finalised Structural changes in M&PS group are occurring Risk assessment and issues register exist Risks managed and monitored regularly Project funding not considered as a risk Legend: Significant risk area Moderate risk area Minimal to no issues Requires immediate management attention Requires consideration noted 1 Based on PwC s 6 pillars of Project Excellence, outlined at Appendix A 3

4 3. Key strengths and opportunities for improvement A high level summary of strengths and opportunities for improvement associated with the review are detailed in the table below. Key Strengths Scope Management Approved Business Case and Project Proposal which outline a defined scope and project objectives, alternative options have been considered. Project Plan is comprehensive. Project costing is being tracked and reported. Benefits Management Business benefits have been documented in the Business Case including: Project Schedule Cost-related benefits Service related benefits Qualitative benefits. Projected timelines and expected completion date of project are defined through the project schedule. Stakeholder Management & Governance Good executive level support for the project. Effective governance mechanisms are in place to steer the project. Roles and responsibilities for governance arrangements have been clearly identified. Communication amongst stakeholders is occurring on a regular basis. Team The project team is committed to ensuring the project is successfully delivered. There is a positive collaborative relationship between M&PS and BASB on the project. Risk Management Risk assessment and issues register have been developed and are being maintained regularly. Risks are a focus point for discussion by the Steering Committee. Opportunities for Improvement 1. Transition of new Project Manager: Arrangements for a dedicated replacement project manager should be confirmed to ensure that there is little impact to the momentum of the project. Suitable support should be given to the new project manager to ensure they can quickly grasp the status and requirements of their role for the project. The Steering Committee should pay particular attention to project progress during the new project managers transition. 2. Development of configuration documentation: Finance should ensure sufficient configuration documentation is developed to support the project to reduce the risks associated with the key developer (with extensive legacy EMS knowledge) leaving the project. 3. Project resourcing to be determined: M&PS project resources should be identified and allocated given the revised structure, including those resources that will be utilised during the testing phases of the project. 4. Improvements to project documentation: Update the Project Management Plan to include the process for monitoring, tracking and reporting budget updates on a regular basis. Ensure all project documentation is retained on the designated Project server. Ensure that all status reporting include whether the project is on track, whether delays are expected, reasons for delays and the expected date for project completion. Update the Project Risk Register to include and assess the risk of the budget not being sufficient to cover the proposed body of work being conducted under the project. 5. Benefits realisation strategy to be defined: The EMS project should develop a strategy that defines how the achievement of project objectives and 4

5 benefits will be measured. This can be used to measure the success of the project. 5

6 Appendix A Focus areas of our project assessment The evaluation framework we use for our project assessment reviews is based on a core set of principles which we refer to as the Six Pillars of Project Excellence. This framework (as illustrated in the following diagram) provides a foundation for our assessments on all projects and has been used successfully in providing our independent, forward-looking views on the status of critical elements of major projects. The table below provides some further perspectives in respect of each of the six pillars of project excellence: Project Pillar: 1. Scope is realistic and managed Our experience tells us that project scope is often defined in more than one way and that an active, ongoing scope management process is needed to ensure that stakeholder expectations remain aligned with the agreed scope throughout the project. 2. Business benefits are realised Business benefits may be well defined at the outset, but without ongoing focus and accountability, their realisation is often elusive. Our evaluation will focus on the way the project plans for and tracks progress in relation to costs and business benefits, as well as responsibility and accountability for benefits realisation post-implementation. Liability is limited by the Accountant's Scheme under the Professional Standards Act 1994 (NSW) 6

7 Project Pillar: 3. Work and schedule are predictable Project plans and schedules may be well constructed, but may not take into account variables outside the control of the project. Our review will consider the quality of plans and schedules, including the effectiveness of tracking progress and updating plans to reflect emerging risks and issues. 4. Stakeholders are committed The needs and commitment of primary and secondary stakeholders need to be identified and monitored throughout the project. Where changes occur in the circumstances of key stakeholders, this can undermine commitment and in turn adversely impact the ability of the project to meet expectations. 5. Team is high performing This is a complex area, with many factors which can impact project effectiveness. Our review will consider the adequacy of staffing for the project; recruitment, development and retention strategies; and the management of risks related to staff turnover and performance. If considered appropriate, we will propose the involvement of some of our Performance Improvement specialists to assist in addressing issues related to people, culture and performance in the project. 6. Risks are understood and managed Risk management will be a core focus area of all our reviews. We will look beyond the normal processes of risk assessment and maintaining a risk register, to consider how the management of strategic and operational risk, including people related risk, is built into the structure and operations of the project. 7

8 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. Liability is limited by the Accountant' s Scheme under the Professional Standards Act 1994 ( NSW) 8

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Process Improvement Plan

Process Improvement Plan Doc ID: Date: Revision: Status: Abstract This document describes the process improvement plan for Company XXX. Approvals Approvals. Signed. Date. Author Page 2 of 19 Sample Process Improvement Plan.doc

More information

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Oxford City Council Managing Capital Projects

Oxford City Council Managing Capital Projects www.pwc.co.uk Internal Audit Report 2014/2015 August 2015 Oxford City Council Managing Capital Projects Table of Contents 1. Executive Summary... 3 2. Background and scope... 5 3. Detailed findings...

More information

Comprehensive Assessment Q&A. 22 October 2014

Comprehensive Assessment Q&A. 22 October 2014 Comprehensive Assessment Q&A 22 October 2014 This document has been prepared to assist the ECB media team with queries on the comprehensive assessment. SSM in Numbers Description Number Number of banks

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

Audit Committee, 20 March 2014. Internal Audit Report Partners Expenses. Executive summary and recommendations. Introduction

Audit Committee, 20 March 2014. Internal Audit Report Partners Expenses. Executive summary and recommendations. Introduction Audit Committee, 20 Internal Audit Report Partners Expenses Executive summary and recommendations Introduction Mazars have undertaken a review of the HCPC s controls and processes for ensuring partners

More information

The report rated this area Substantial Assurance and made 2 housekeeping recommendations.

The report rated this area Substantial Assurance and made 2 housekeeping recommendations. Audit Committee 21 June 2012 Internal audit report Risk Management review Executive summary and recommendations Introduction Mazars have undertaken a review of Risk Management, in accordance with the internal

More information

LONDON BOROUGH OF SOUTHWARK

LONDON BOROUGH OF SOUTHWARK APPENDIX 1 LONDON BOROUGH OF SOUTHWARK The annual report to the Audit & Governance Committee on Risk and Insurance for 2011/12, and the key corporate risks Presented to the Audit & Governance Committee

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

The end of SAS70 what next for Performance Assurance?

The end of SAS70 what next for Performance Assurance? Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need

More information

MNLARS Project Audit Checklist

MNLARS Project Audit Checklist Audit Checklist The following provides a detailed checklist to assist the audit team in reviewing the health of a project. Relevance (at this time) How relevant is this attribute to this project or audit?

More information

Project Audit & Review Checklist. The following provides a detailed checklist to assist the PPO with reviewing the health of a project:

Project Audit & Review Checklist. The following provides a detailed checklist to assist the PPO with reviewing the health of a project: Project Audit & Review Checklist The following provides a detailed checklist to assist the PPO with reviewing the health of a project: Relevance (at this time) Theory & Practice (How relevant is this attribute

More information

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2014/15 to 2016/17

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2014/15 to 2016/17 The University s responsibilities and its arrangements for internal audit Internal audit protocol 2014/15 to 2016/17 Summary This paper sets out the University s current obligations and arrangements for

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

Auxilion Service Desk as a Service. Service Desk as a Service. Date January 2015. www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1

Auxilion Service Desk as a Service. Service Desk as a Service. Date January 2015. www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1 Title Service Desk as a Service Date January 2015 www.auxilion.com Commercial in Confidence Auxilion 2015 Page 1 1. Disclaimer All information contained in this document is provided in confidence to the

More information

Part E: Contract management

Part E: Contract management Overview Part A: Strategic assessment Part B1: Business case developing the business case Part B2: Business case procurement options Part B3: Business case funding and financing options Part C: Project

More information

Aberdeen City Council. Fleet Management Final Report

Aberdeen City Council. Fleet Management Final Report Aberdeen City Council Fleet Management Final Report Internal Audit Report 2013/2014 for Aberdeen City Council February 2014 Internal Audit KPI Targets Target Dates Actual Dates Red/Amber/ Green Commentary

More information

Queensland State Archives. Strategic Recordkeeping Implementation Plan Workbook

Queensland State Archives. Strategic Recordkeeping Implementation Plan Workbook Queensland State Archives Strategic Recordkeeping Implementation Plan Workbook 1 Document Details Version 1 Version 1.01 Version 2 21 March 2002: Released to State and Local Authorities 9 January 2003:

More information

Australian National Audit Office. Human Resource Management Performance Audit

Australian National Audit Office. Human Resource Management Performance Audit Australian National Audit Office Human Resource Management Performance Audit December 2008 Australian National Audit Office Human Resource Management Performance Audit December 2008 Commonwealth of Australia

More information

Assuring success in large business programs Internal audit s role in strategic risk management

Assuring success in large business programs Internal audit s role in strategic risk management The resilience, reputation and value of a company can be positively influenced by successful transformation projects. Assuring success in large business programs Internal audit s role in strategic risk

More information

3D Online Education Initiative

3D Online Education Initiative 3D Online Education Initiative Date: July 2013 Contents 1. 3D Online Education initiative... 4 1.1 Introduction... 4 1.2 Outline of the 3D Online Education initiative... 4 1.2.1 Summary of initiative...

More information

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Internal Audit. Audit of HRIS: A Human Resources Management Enabler Internal Audit Audit of HRIS: A Human Resources Management Enabler November 2010 Table of Contents EXECUTIVE SUMMARY... 5 1. INTRODUCTION... 8 1.1 BACKGROUND... 8 1.2 OBJECTIVES... 9 1.3 SCOPE... 9 1.4

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com

More information

South Northamptonshire Council Contract Assurance: Leisure Contract

South Northamptonshire Council Contract Assurance: Leisure Contract South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

UNIVERSITY OF CALIFORNIA, DAVIS INTERNAL AUDIT SERVICES. University of California Davis Medical Center Electronic Medical Records Project #04-44

UNIVERSITY OF CALIFORNIA, DAVIS INTERNAL AUDIT SERVICES. University of California Davis Medical Center Electronic Medical Records Project #04-44 , DAVIS INTERNAL AUDIT SERVICES University of California Davis Medical Center Electronic Medical Records Project #04-44 October 2006 Fieldwork Performed by: Tim Bryan, Principal Auditor Reviewed by: Tom

More information

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 13 March 2013. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 13 March 2013 Internal Audit Report Project Management Executive summary and recommendations Introduction Mazars has undertaken a review of the arrangements for project management in accordance

More information

Maine State Innovation Model Risk and Issue Mitigation Plan and Process

Maine State Innovation Model Risk and Issue Mitigation Plan and Process Maine State Innovation Model Risk and Issue Mitigation Plan and Process Table of Contents 1) Maine SIM Risk and Issue Mitigation Process a) Risk Log b) Steps for SIM Risk Creation c) Governance Involvement

More information

Project Charter. ISO 20k Certification Project

Project Charter. ISO 20k Certification Project Computing Sector ISO 20k Certification Project Version 1.1 9/25/2012 DocDB # 4904 PREPARED BY: Robert D. Kennedy CONCURRENCES: Name Date Name Date Project Sponsor Executive Director

More information

Delivering deal value

Delivering deal value Delivering deal value The seven fundamental tenets of successful M&A Integration Consulting services Introduction Research shows that most merger integrations fail to meet their expectations. The deals

More information

Driving Excellence in Implementation and Beyond The Underlying Quality Principles

Driving Excellence in Implementation and Beyond The Underlying Quality Principles SAP Thought Leadership Paper SAP Active Quality Management Driving Excellence in Implementation and Beyond The Underlying Quality Principles 2014 SAP AG or an SAP affiliate company. All rights reserved.

More information

Standard Terms of Engagement. and. Terms of Business

Standard Terms of Engagement. and. Terms of Business Standard Terms of Engagement and Terms of Business Contents 1. Standard Terms of Engagement of Keirs Carr... 4 1.1 Accounting Services... 4 Accounting Services... 4 Compilation of Financial Statements...

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

Bath & North East Somerset Council

Bath & North East Somerset Council Government and Public Sector September 2006 Bath & North East Somerset Council Contents Section Page Introduction... 3 Executive Summary... 5 Detailed Findings... 8 Observations and recommendations...

More information

Status Report of the Auditor General of Canada to the House of Commons

Status Report of the Auditor General of Canada to the House of Commons 2011 Status Report of the Auditor General of Canada to the House of Commons Chapter 1 Financial Management and Control and Risk Management Office of the Auditor General of Canada The 2011 Status Report

More information

Joint Operating Procedures of the ACO and AER. Regan Smith, Manager, Aboriginal Engagement, Alberta Stakeholder Engagement September 24, 2015

Joint Operating Procedures of the ACO and AER. Regan Smith, Manager, Aboriginal Engagement, Alberta Stakeholder Engagement September 24, 2015 Joint Operating Procedures of the ACO and AER Regan Smith, Manager, Aboriginal Engagement, Alberta Stakeholder Engagement September 24, 2015 First Nations Consultation The Government of Alberta (GoA) requires

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Project Governance Plan Next Generation 9-1-1 Project Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1)

Project Governance Plan Next Generation 9-1-1 Project Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1) Oregon Military Department, Office of Emergency Management, 9-1-1 Program (The OEM 9-1-1) Date: October 1, 2014 Version: 3.1 DOCUMENT REVISION HISTORY Version Date Changes Updated By 0.1 02/13/014 Initial

More information

Department of the Environment and Local Government. Project Management. Public Private Partnership Guidance Note 7. 14 April 2000

Department of the Environment and Local Government. Project Management. Public Private Partnership Guidance Note 7. 14 April 2000 Project Management Project Management Public Private Partnership Guidance Note 7 14 April 2000 Guidance Note 7 14 April 2000 Project Management Contents Section Page I INTRODUCTION...1 SCOPE AND PURPOSE

More information

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed

More information

Goodbye, SAS 70! Hello, SSAE 16!

Goodbye, SAS 70! Hello, SSAE 16! Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70

More information

Governance, Risk and Best Value Committee

Governance, Risk and Best Value Committee Governance, Risk and Best Value Committee 2.00pm, Wednesday 23 September 2015 Internal Audit Report: Integrated Health & Social Care Item number Report number Executive/routine Wards Executive summary

More information

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version) Smart Meters Programme Schedule 2.5 (Security Management Plan) (CSP South version) Schedule 2.5 (Security Management Plan) (CSP South version) Amendment History Version Date Author Status v.1 Signature

More information

Project Knowledge Areas

Project Knowledge Areas From Houston S: The Project Manager s Guide to Health Information Technology Implementation. Chicago: HIMSS; 2011; pp 27 39. This book is available on the HIMSS online bookstore at www. himss.org/store.

More information

Insurer audit manual

Insurer audit manual Insurer audit manual Disclaimer This publication may contain work health and safety and workers compensation information. It may include some of your obligations under the various legislations that WorkCover

More information

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project

Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Information Management Advice 35: Implementing Information Security Part 1: A Step by Step Approach to your Agency Project Introduction This Advice provides an overview of the steps agencies need to take

More information

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

More information

Knowledge is power. Consumer Protection Act Series #1

Knowledge is power. Consumer Protection Act Series #1 www.pwc.com/za/retail-and-consumer Knowledge is power Consumer Protection Act Series #1 Make sure you don t get it wrong on consumer rights November 2010 In this issue: We provide an overview of the Consumer

More information

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning

More information

INTERNAL AUDIT DIVISION AUDIT REPORT 2013/020. Audit of the Umoja software system (SAP) implementation

INTERNAL AUDIT DIVISION AUDIT REPORT 2013/020. Audit of the Umoja software system (SAP) implementation INTERNAL AUDIT DIVISION AUDIT REPORT 2013/020 Audit of the Umoja software system (SAP) implementation Overall results relating to effective implementation and configuration of the SAP system were initially

More information

Building a Strategic Internal Audit Function. A 10-Step Framework

Building a Strategic Internal Audit Function. A 10-Step Framework Building a Strategic Internal Audit Function A 10-Step Framework Ten steps to a strategically focused internal audit function With passage of the Sarbanes-Oxley Act and the push for exchange-listed companies

More information

Quick Guide: Managing ICT Risk for Business

Quick Guide: Managing ICT Risk for Business Quick Guide: Managing ICT Risk for Business This Quick Guide is one of a series of information products aimed at helping small to medium sized enterprises identify and manage risks when assessing, buying

More information

Gateway review guidebook. for project owners and review teams

Gateway review guidebook. for project owners and review teams Gateway review guidebook for project owners and review teams The State of Queensland (Queensland Treasury and Trade) 2013. First published by the Queensland Government, Department of Infrastructure and

More information

State University of New York Charter Renewal Benchmarks Version 5.0, May 2012

State University of New York Charter Renewal Benchmarks Version 5.0, May 2012 State University of New York Charter Renewal Benchmarks Version 5.0, May 2012 Introduction The State University of New York Charter Renewal Benchmarks 1 (the Benchmarks ) serve two primary functions at

More information

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement

Auditor General s Office. Governance and Management of City Computer Software Needs Improvement Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City

More information

Introduction to Procurement

Introduction to Procurement Introduction to Procurement Why is procurement important? Client needs are unique and consequently each project meeting those needs has unique characteristics. This means that achieving the right project

More information

Datalynx Project Delivery Methodology and PCTM Methodology For Legacy Data Cleansing & Migration

Datalynx Project Delivery Methodology and PCTM Methodology For Legacy Data Cleansing & Migration Datalynx Project Delivery Methodology and For Legacy Data Cleansing & Migration Title: Datalynx for Migrating Legacy Data Revision: V1.4 Copyright 2014 - Datalynx Pty Ltd. All rights reserved. www.datalynx.com.au

More information

BRITISH COLUMBIA INSTITUTE OF TECHNOLOGY ( BCIT ) PROJECT BUSINESS PLAN PROPOSAL TEMPLATE

BRITISH COLUMBIA INSTITUTE OF TECHNOLOGY ( BCIT ) PROJECT BUSINESS PLAN PROPOSAL TEMPLATE BRITISH COLUMBIA INSTITUTE OF TECHNOLOGY ( BCIT ) PROJECT BUSINESS PLAN PROPOSAL TEMPLATE 1 PROJECT PROPOSAL PREAMBLE To obtain project approval from BCIT each school/department must submit a Project Business

More information

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen

More information

FISCAL PLAN RESPONSE TO THE AUDITOR GENERAL

FISCAL PLAN RESPONSE TO THE AUDITOR GENERAL Government FISCAL PLAN RESPONSE TO THE AUDITOR GENERAL OCTOBER 2015 127 TABLE OF CONTENTS RESPONSE TO THE AUDITOR GENERAL October 2015.... 129 128 RESPONSE TO THE AUDITOR GENERAL FISCAL PLAN 2016 19 RESPONSE

More information

INTERNAL AUDIT SERVICES Glenorchy City Council Internal audit report of Derwent Entertainment Centre financial business and operating systems

INTERNAL AUDIT SERVICES Glenorchy City Council Internal audit report of Derwent Entertainment Centre financial business and operating systems INTERNAL AUDIT SERVICES Internal audit report of Derwent Entertainment Centre financial business and operating systems ADVISORY Contents Executive summary...2 Internal audit findings...4 Summary of other

More information

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability

External Audit BV Performance Report: Delivering Change Management and Financial Sustainability CLACKMANNANSHIRE COUNCIL THIS PAPER RELATES TO ITEM 05 ON THE AGENDA Report to: Resources and Audit Committee Date of Meeting: 24 September 2015 Subject: External Audit BV Performance Report: Delivering

More information

The principal purposes of the Audit Committee ( Committee ) of the Board of Directors ( Board ) of CSRA Inc. (the Company ) are to:

The principal purposes of the Audit Committee ( Committee ) of the Board of Directors ( Board ) of CSRA Inc. (the Company ) are to: CSRA Inc. AUDIT COMMITTEE CHARTER (EFFECTIVE December 16, 2015) I. PURPOSES OF THE COMMITTEE The principal purposes of the Audit Committee ( Committee ) of the Board of Directors ( Board ) of CSRA Inc.

More information

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management

OFFICE OF THE PRIVACY COMMISSIONER OF CANADA. Audit of Human Resource Management OFFICE OF THE PRIVACY COMMISSIONER OF CANADA Audit of Human Resource Management May 13, 2010 Prepared by the Centre for Public Management Inc. TABLE OF CONTENTS 1.0 Executive Summary... 2 2.0 Background...

More information

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction

More information

STUDENT INFORMATION SYSTEM PLANNING PROJECT

STUDENT INFORMATION SYSTEM PLANNING PROJECT Name of Responder: CIBER Inc, CIBER Enterprise Solutions Tom Payne Director of Sales 3556 Burch Ave Cincinnati, OH 45208 (o) 513-321-4090 (m) 513-403-6462 (f) 513-321-3868 tpayne@ciber.com Bruce Moore

More information

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013 Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents

More information

Special Purpose Reports on the Effectiveness of Control Procedures

Special Purpose Reports on the Effectiveness of Control Procedures Auditing Standard AUS 810 (July 2002) Special Purpose Reports on the Effectiveness of Control Procedures Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

More information

2015 Release Review. Overarching Report

2015 Release Review. Overarching Report 2015 Release Review Overarching Report Australian Taxation Office 2015 Release Review Overarching Report July 2015 Liability limited by a scheme approved under Professional Standards Legislation Contents

More information

The Higher Education Authority Review of the processes employed by the University of Limerick to inquire into allegations made by Persons A, B and C

The Higher Education Authority Review of the processes employed by the University of Limerick to inquire into allegations made by Persons A, B and C The Higher Education Authority Review of the processes employed by the University of Limerick to inquire into allegations made by Persons A, B and C 29 January 2016 Report version: Final Contents 1. EXECUTIVE

More information

ERP Systems: Audit and Control Risks

ERP Systems: Audit and Control Risks ERP Systems: Audit and Control Risks Jennifer Hahn Deloitte & Touche ISACA Spring Conference April 26, 1999 Session Learning Objectives At the end of this session, the participant should be able to: Understand

More information

Membership Application OTASA Scheme of Co-operation

Membership Application OTASA Scheme of Co-operation MEDICAL PROTECTION SOCIETY PROFESSIONAL SUPPORT AND EXPERT ADVICE Membership Application OTASA Scheme of Co-operation 012 362 5457 Please complete all parts of this form in BLACK INK and BLOCK CAPITALS

More information

Metrics by design A practical approach to measuring internal audit performance

Metrics by design A practical approach to measuring internal audit performance Metrics by design A practical approach to measuring internal audit performance September 2014 At a glance Expectations of Internal Audit are rising. Regulatory pressure is increasing. Budgets are tightening.

More information

Review of pre-hospital emergency care services to ensure high quality in the assessment, diagnosis, clinical management and transporting of acutely

Review of pre-hospital emergency care services to ensure high quality in the assessment, diagnosis, clinical management and transporting of acutely Review of pre-hospital emergency care services to ensure high quality in the assessment, diagnosis, clinical management and transporting of acutely ill patients to appropriate healthcare facilities 2 December

More information

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April 2008 1

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April 2008 1 Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS April 2008 1 Contents 1 Introduction 3 2 Management Systems 2.1 Management Systems Introduction 3 2.2 Quality Management System

More information

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08

Performance Detailed Report. May 2008. Review of Performance Management. Norwich City Council. Audit 2007/08 Performance Detailed Report May 2008 Review of Performance Management Audit 2007/08 External audit is an essential element in the process of accountability for public money and makes an important contribution

More information

Internal Audit at the University of Cambridge.

Internal Audit at the University of Cambridge. Internal Audit at the University of Cambridge. Contents Introduction to Deloitte 1 Our team 2 What is Internal Audit? 4 Our approach to Internal Audit 5 Authority and reporting lines 7 Planning 8 Ad Hoc

More information

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology... Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact...

More information

ITIL v3 Process Cheat Sheets

ITIL v3 Process Cheat Sheets CEB Infrastructure Leadership Council ITIL v3 Process Cheat Sheets 2014 CEB. All rights reserved. IEC8051414SYN 1 ITIL v3 Process Cheat Sheets The ITIL v3 process cheat sheets include a definition, description

More information

Information Technology Project Oversight Framework

Information Technology Project Oversight Framework i This Page Intentionally Left Blank i Table of Contents SECTION 1: INTRODUCTION AND OVERVIEW...1 SECTION 2: PROJECT CLASSIFICATION FOR OVERSIGHT...7 SECTION 3: DEPARTMENT PROJECT MANAGEMENT REQUIREMENTS...11

More information

FIDUCIAN AUSTRALIAN SHARES FUND

FIDUCIAN AUSTRALIAN SHARES FUND PRODUCT DISCLOSURE STATEMENT FIDUCIAN AUSTRALIAN SHARES FUND ARSN 093 542 271 2 MARCH 2015 This Product Disclosure Statement (PDS) provides a summary of significant information about the Fiducian Australian

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Strategic Plan. New Zealand Fire Service Commission to 2005 2010

Strategic Plan. New Zealand Fire Service Commission to 2005 2010 Strategic Plan New Zealand Fire Service Commission to 2005 2010 Table of contents Forward from the Chairperson...3 Summarises the purpose, content and logic behind the Commission s strategic direction.

More information

Module 6 Documenting Processes and Controls

Module 6 Documenting Processes and Controls A logical place to begin any comprehensive evaluation of internal controls is at the top entity-level controls that might have a pervasive effect on the organization. This includes a consideration of factors

More information

PART A: OVERVIEW...1 1. Introduction...1. 2. Applicability...2. 3. Legal Provisions...2. 4. Effective Date...2

PART A: OVERVIEW...1 1. Introduction...1. 2. Applicability...2. 3. Legal Provisions...2. 4. Effective Date...2 PART A: OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provisions...2 4. Effective Date...2 PART B: INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS...3 5. Overview of ICAAP...3 6. Board and

More information

Building a Strategic Internal Audit Function

Building a Strategic Internal Audit Function Internal Audit Building a Strategic Internal Audit Function Ten steps to a strategically focused internal audit function With the passage of internal control related rules and regulations in countries

More information

Guidance Statement GS 011 Third Party Access to Audit Working Papers

Guidance Statement GS 011 Third Party Access to Audit Working Papers GS 011 (April 2009) Guidance Statement GS 011 Third Party Access to Audit Working Papers Issued by the Auditing and Assurance Standards Board GS 011-1 - GUIDANCE STATEMENT Obtaining a Copy of this Guidance

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

1. Trustees annual report

1. Trustees annual report 1. Trustees annual report Accounting and reporting by charities Overview and the purpose of the trustees annual report 1.1. The primary purpose of the trustees annual report (the report) is to ensure that

More information

NSW GOVERNMENT RESPONSE

NSW GOVERNMENT RESPONSE NSW GOVERNMENT RESPONSE to the REPORT OF THE LEGISLATIVE COUNCIL GENERAL PURPOSE STANDING COMMITTEE NO. 2 INQUIRY INTO THE PROVISION OF EDUCATION TO STUDENTS WITH A DISABILITY OR SPECIAL NEEDS January

More information

National IT Project Management Methodology

National IT Project Management Methodology NATIONAL INFORMATION TECHNOLOGY AUTHORITY - UGANDA National IT Project Management Methodology Project Reporting Support Guide Version 0.5 Project Reporting Support Guide version 0.5 Page 1 Document Version

More information