Internal Audit Report



Similar documents
Internal Audit Report. Chief Executive s Unit. Review of Contract Management

ARGYLL AND BUTE COUNCIL SUPPORT SERVICES REVIEW 15 DECEMBER 2011 SUMMARY REPORT

Hertsmere Borough Council. Data Quality Strategy. December

Version No: 2 Date: 27 July Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

Glasgow Life Performance Management. Final Report

ARGYLL & BUTE COUNCIL Internal Audit Section INTERNAL AUDIT REPORT

LSB Procurement Framework

Auditing data protection a guide to ICO data protection audits

Information Governance Framework

Corporate Data Quality Policy

LONDON BOROUGH OF HARROW. Overview & Scrutiny Committee

DATA QUALITY STRATEGY

CARE QUALITY COMMISSION -ESSENTIAL STANDARDS OF QUALITY AND SAFETY

AMAA Distribution Standards

GLASGOW LIFE ATTENDANCE MANAGEMENT

Higher National Unit Specification. General information for centres. Occupational Therapy Support: Audit. Unit code: F3NE 34

Internal Audit at the University of Cambridge.

7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers

1.1 Terms of Reference Y P N Comments/Areas for Improvement

NHS LQF 360 ETHICAL DILEMMAS

INTERNATIONAL STANDARD ON RELATED SERVICES 4400 ENGAGEMENTS TO PERFORM AGREED-UPON PROCEDURES REGARDING FINANCIAL INFORMATION CONTENTS

SCHEDULE 3 Generalist Claims 2015

Information Integrity & Data Management

APPENDIX B: FINANCIAL PLANNING AND CONTROL OF RESOURCES

Information Commissioner's Office

SCRUTINY COMMITTEE ITEM MARCH 2012

CORPORATE RECORDS MANAGEMENT POLICY

Certification criteria for. Internal QMS Auditor Training Course

CCG: IG06: Records Management Policy and Strategy

PROGRESS THROUGH PARTNERSHIP MAKING A DIFFERENCE GUIDANCE PERFORMANCE MANAGEMENT FRAMEWORK AND CONTINUOUS IMPROVEMENT

Asset Protection Agreement Templates - Customer Explanatory Notes. Explanatory Notes on Asset Protection Agreement

SESSION 3 AUDIT PLANNING

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Compliance. Group Standard

Data Protection. Policy and Application July 2009

Fit and Proper Assessment Best Practice

JOB DESCRIPTION. Marketing Executive Donor Recruitment Animal Welfare Promotion. Marketing Manager, Recruitment

An Export Marketing Research Project. Guidance Notes

Discussion Paper on the Validation of Pharmacovigilance Software provided via SaaS

College of Occupational Therapists Specialist Section Independent Practice. Code of Business Practice

Information Governance Policy

ESKITP5023 Software Development Level 3 Role

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

Information Governance Strategy & Policy

Invitation to Quote for General Fund Assets Revaluation for Resource Accounting 2015/ /20.

Appendix D Programme Stream 6 CRM Procurement. Programme Stream 6 Remodelling of Customer Services Programme CRM Procurement

a) To achieve an effective Quality Assurance System complying with International Standard ISO9001 (Quality Systems).

RULES FOR THE BOARD OF DIRECTORS WRIGHT MEDICAL GROUP N.V. ST\ASD\

UNIVERSITY OF BIRMINGHAM CODE OF PRACTICE ON EXTERNAL EXAMINING (TAUGHT PROVISION)

Project Management Fact Sheet:

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy? Scope of this Policy Principles of data quality...

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs

APPENDIX: CHECKLIST COMPLIANCE WITH THE CODE

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt. Monitoring & Audit

Internal Audit Final Report Strategic Finance Accounts Receivable March 2014

council s Budget and Financial Planning Framework

THE REAL ESTATE CODE CONDUCT, ETHICS AND BEHAVIOUR IN REAL ESTATE

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

Competence Requirements for Audit Professionals

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

WHEN BUSINESS GETS PERSONAL A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS PERSONAL DATA PROTECTION COMMISSION

STATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS

Purchasing Card CARDHOLDER MANUAL

TEMPLATE DATA MANAGEMENT PLAN

Security Incident Management Process. Prepared by Carl Blackett

ANTI-MONEY LAUNDERING POLICY AND GUIDANCE NOTES

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy

Code of Corporate Governance

ANTI-MONEY LAUNDERING POLICY. Introduction

Internal Audit Strategic and Annual Plans 2015/16

Internal Audit Charter. Version 1 (7 November 2013)

CODE GOVERNANCE COMMITTEE CHARTER. 1 Functions and responsibilities of the Code Governance Committee

DRAFT PROCUREMENT AND TENDERING PROCEDURES. (Revised October 2006)

Cumbria Constabulary. Business Continuity Planning

Transcription:

Internal Audit Report CUSTOMER SERVICES DEPARTMENT Review of the Iken Case Management System November 2012

1 INTRODUCTION This report has been prepared as a result of the Internal Audit review of the Iken Case Management System as part of the 2012/13 Internal Audit programme. Management must ensure that applications perform properly the business activity for which they were designed. The purpose of application controls is to ensure the completeness, accuracy, security and effectiveness of input processing and output. These controls may be provided either by programming within the application system or by manual controls exercised by users or the IT Service. 2 AUDIT SCOPE AND OBJECTIVES The scope of this review is limited to the Internal Control Questionnaire (ICQ) issued to the Iken Case Management Systems Administrator for completion. The overall objective is to ascertain whether the system incorporates adequate internal controls, ensure that they are effective and are not invalidated when changes are made. A systems-based auditing approach has been employed to assess the Iken Case Management system s internal controls to ensure that they are sound and the transactions are properly recorded and processed. The following areas were reviewed using CIPFA SBA control matrices for Application Controls. This will ensure that procedures and processes are in place through examination of the ICQ Questionnaire answers in the areas detailed below. Requests for system documentation have also been requested to be lodged with Internal Audit Department. Compliance Logical Security Controls User Security Controls Parameter Data Transaction Input Data Processing Output System Availability Audit Trail 3 RISK ASSESSMENT As part of the audit process and in conjunction with our Systems Based Auditing, ICQ approach, the Risk Register was reviewed to identify any areas that needed to be included within the audit. 1

SR 16 - Failure to have a robust internal control system. 4 CORPORATE GOVERNANCE There are no Corporate Governance issues to be reported as a result of this audit. 5 MAIN FINDINGS There were no significant findings resulting from the tests that were completed during the course of the audit and one recommendation has been made (see 6 below). The Iken Case Management team continue to provide a well controlled service. A Completed Application Controls Questionnaire reply was received. 6 RECOMMENDATIONS The audit generated one recommendation that has been agreed with management. With regard to System Availability it is recommended that an Impact assessment and Business Continuity Planning process should be undertaken for the application (See action plan at APPENDIX 2) 7 AUDIT OPINION Internal Audit is satisfied that the Iken Case Management Systems Administrator has answered the ICQ in an appropriate manner. Based on audit findings we can conclude that the Iken Case Management System staff were able to provide answers indicating their adherence to current controls. That in examination of the ICQ answers, one minor matter was identified and this has been discussed with management. Recommendations arising from the audit work should be implemented by the nominated responsible officer within the agreed timescale. Recommendations not implemented will require explanation to the Audit Committee. This could lead to findings being reported in the Internal Control Statement produced by the Council in support of the Annual Accounts. 2

8 ACKNOWLEDGEMENTS Thanks are due to the Iken Case Management Systems Administrator and their team for their co-operation and assistance during the Audit and the preparation of the report and action plan. Argyll and Bute Council s Internal Audit section has prepared this report. Our work was limited to the objectives in Section 2. We cannot be held responsible or liable if information material to our task was withheld or concealed from us, or misrepresented to us. This report is private and confidential for the Council s information only and is solely for use in the provision of an internal audit service to the Council. The report is not to be copied, quoted or referred to, in whole or in part, without prior written consent. 3

APPENDIX 2 ACTION PLAN No. FINDINGS PRIORITY RECOMMENDATION RESPONSIBLE OFFICER 1 System Availability That business continuity Legal Services No Impact assessment or planning and impact Manager - business continuity assessment should be Commercial Medium planning has been undertaken. undertaken. IMPLEMENTATION DATE 31 March 2013 1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information