Example: bachelor of science

Audit of IT Asset Management Report

Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 1 Audit of IT Asset Management Report Office of Audit and Ethics July 10, 2012 Recommended by the Departmental Audit Committee for approval by the President on July 10, 2012 Approved by the President on September 4, 2012 e-Doc : 3854899 Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 2 Table of Contents EXECUTIVE SUMMARY .. 3 1. INTRODUCTION .. 5 5 OBJECTIVE AND 6 ANALYSIS OF RISKS AND Audit 7 APPROACH AND 7 STATEMENT OF 8 2. OBSERVATIONS AND RECOMMENDATIONS .. 8 GOVERNANCE 8 ACQUISITION, REPLACEMENT AND DISPOSAL OF 9 Management OF IT 12 3. INVENTORY TESTING .. 16 4. OVERALL 18 5. OVERALL CONCLUSION .. 18 APPENDIX A DETAILED Audit 19 APPENDIX B OVERVIEW OF Audit RECOMMENDATIONS AND Management RESPONSE AND ACTION PLANS (MAP) .. 20 Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 3 Executive Summary Background Information technology (IT) plays an important role in CNSC operations, and represents an essential component of the organization s strategy to address challenges of increasing productivity and enhancing mandated services for the benefit of citizens, businesses and employees.

Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 6 1.2. Objective and scope The objectives of the audit were as follows: • To determine whether adequate and effective IT asset management processes and controls are in place, in order to maintain the integrity of the IT assets while

Fullscreen Download

Tags:

  Management, Asset, Integrity, Asset management

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of Audit of IT Asset Management Report

1 Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 1 Audit of IT Asset Management Report Office of Audit and Ethics July 10, 2012 Recommended by the Departmental Audit Committee for approval by the President on July 10, 2012 Approved by the President on September 4, 2012 e-Doc : 3854899 Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 2 Table of Contents EXECUTIVE SUMMARY .. 3 1. INTRODUCTION .. 5 5 OBJECTIVE AND 6 ANALYSIS OF RISKS AND Audit 7 APPROACH AND 7 STATEMENT OF 8 2. OBSERVATIONS AND RECOMMENDATIONS .. 8 GOVERNANCE 8 ACQUISITION, REPLACEMENT AND DISPOSAL OF 9 Management OF IT 12 3. INVENTORY TESTING .. 16 4. OVERALL 18 5. OVERALL CONCLUSION .. 18 APPENDIX A DETAILED Audit 19 APPENDIX B OVERVIEW OF Audit RECOMMENDATIONS AND Management RESPONSE AND ACTION PLANS (MAP) .. 20 Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 3 Executive Summary Background Information technology (IT) plays an important role in CNSC operations, and represents an essential component of the organization s strategy to address challenges of increasing productivity and enhancing mandated services for the benefit of citizens, businesses and employees.

2 Due to the growth in activities related to the nuclear sector, the CNSC has recruited a number of highly skilled professionals in the scientific, technical and administrative fields. Over the past four years, in order to meet this expansion in the number of full-time staff members, the CNSC has made several investments in IT hardware and software. Since these represent attractive and important assets, an independent examination of the accuracy and completeness of the inventory and records was proposed to Management . This Audit was approved in the CNSC Risk-Based Audit Plan for 2011 14. Objective and Scope The objectives of the Audit were the following: To determine whether adequate and effective IT Asset Management processes and controls are in place, in order to maintain the integrity of the IT assets while meeting the CNSC s and Government of Canada s requirements. To provide Management with assurance that the IT Asset inventory and records are complete and accurate.

3 The scope of the Audit was limited to CNSC s information technology hardware and software inventories, including IT Asset Management practices in place as of July 2011. The Audit s focus was on systems and practices used in the governance, Management , control and oversight of IT hardware and software assets. The Audit testing excluded: Laptops: An inventory test count for laptops was included in the terms of reference (TOR) for this Audit . However, at the time of the Audit , the Information Management and Technology Division (IMTD) had not completed their inventory count of laptops, and could not provide a final list. The CNSC may decide to have the laptops subjected to a future Audit . Telecommunication equipment (such as Blackberries and cellular telephones) was not included in the TOR for this Audit . The CNSC President requested that an Audit of this equipment be conducted. Therefore, the OAE plans to table an Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 4 Audit of mobile telecommunication equipment at the July 2012 Audit Committee meeting.

4 For logistical reasons, the inventory audited did not include the regional offices. Approach and Methodology The planned approach was to review documentation and interview key employees and managers, in order to identify the risks associated with IT Asset Management and to assess whether controls are in place to mitigate the risks. The Audit methodology included: Conducting interviews with managers and staff. Reviewing relevant CNSC and Government of Canada documents (including legislation, regulation, policies, directives, processes and procedures). Conducting tests on the accuracy of IMTD s inventory of IT assets. The Audit was conducted within the established parameters of the Treasury Board Policy on Internal Audit , as well as the Auditing Standards for the Government of Canada. Audit Findings The Audit found that there were no documented procedures for all the major activities involved in the Management of IT assets.

5 Management has not implemented a lifecycle plan to effectively manage the inventory of IT assets. The Audit also found that the process used to track and monitor IT assets had several controls weaknesses, which may result in a loss of assets. Furthermore, the Audit found that IMTD does not have a reliable method to track the software installed on CNSC computers and networks. Overall Recommendation Management should strengthen its IT Asset Management processes and systems, in order to meet both the CNSC s and the Treasury Board s requirements. The updated processes and systems should address all the recommendations outlined in this Report . Conclusion The Audit concluded that there was a lack of adequate and effective IT Asset Management processes and controls necessary to maintain the integrity of the IT assets. The Audit was unable to determine the completeness and accuracy of the software inventory, as no listing of installed software was available.

6 Improvements are needed, in order to: strengthen the governance structure; document processes and procedures; implement an integrated tracking tool; conduct regular monitoring and verification of assets; ensure that storage areas are secure and can safeguard IT assets. Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 5 1. Introduction Background Information technology (IT) plays an important role in CNSC operations and represents an essential component of the organization s strategy to increase productivity and enhance mandated services for the benefit of citizens, businesses and employees. Due to the growth in activities related to the nuclear sector, the CNSC has recruited a number of highly skilled professionals in the scientific, technical and administrative fields. Over the past four years, in order to meet this expansion in the number of full-time staff members, the CNSC has made several investments in IT hardware and software.

7 Since these represent attractive and important assets, an independent examination of the accuracy and completeness of the inventory and records was proposed to Management . This Audit is part of the approved Risk-Based Audit Plan for 2011 14. The Information Management and Technology Directorate (IMTD) develops and implements an IT planning process that is integrated with the CNSC s overall corporate planning process and aligned with the investment planning process. The resulting plan defines CNSC IM/IT directions, strategies, architecture and human resource capacity, and how these work together to achieve CNSC business and government-wide strategic objectives. The IM/IT Plan reflects CNSC priorities and outlines planned investments, including any acquired services. The CNSC s IM/IT Plan is reviewed annually, and updated as required. Government of Canada common or shared IT assets and services are used as much as possible at the CNSC, as a way to avoid duplication, when such assets and services are available and appropriate.

8 This strategy is aligned with the CNSC s IT Management practices, processes and technology architecture. IT assets and services are reviewed periodically, to identify opportunities for enhancing efficiency, effectiveness and innovation in collaboration with service providers, service users and other stakeholders. IMTD s objectives for Asset Management are to: Ensure that IT assets meet program needs as well as operational requirements. Ensure value for money in IT assets. Ensure that procurement activities stand the test of public scrutiny in matters of prudence and integrity , encourage competition, and reflect fairness in spending of public funds. Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 6 Objective and scope The objectives of the Audit were as follows: To determine whether adequate and effective IT Asset Management processes and controls are in place, in order to maintain the integrity of the IT assets while meeting the CNSC s and the Government of Canada s requirements.

9 To provide Management with assurance that the IT Asset inventory and records are complete and accurate. The scope of the Audit was limited to CNSC s information technology hardware and software inventories, and included IT Asset Management practices in place as of July 2011. The Audit focus was on systems and practices used in the governance, Management , control and oversight of IT hardware and software assets. The Audit testing excluded: Laptops: An inventory test count for laptops was included in the terms of reference (TOR) for this Audit . However, at the time of the Audit , IMTD had not completed their inventory count of laptops, and could not provide a final list. The CNSC may decide to have the laptops subjected to a future Audit . Telecommunication equipment (such as Blackberries and cellular telephones) was not included in the TOR for this Audit . The CNSC President requested that an Audit of this equipment be conducted. Therefore, the OAE plans to table an Audit of mobile telecommunication equipment at the July 2012 Audit Committee meeting.

10 For logistical reasons, the inventory audited did not include the regional offices. Furthermore, sufficient Audit coverage was obtained by only counting the headquarters region. The Audit fieldwork was conducted between October 4, 2011, and December 22, 2011. Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 7 Analysis of risks and Audit criteria The Audit team conducted a risk assessment exercise during the planning phase of the Audit . The purpose of the assessment was to identify the potential areas of risk such as governance, acquisition, safeguarding and disposal/surplus of IT assets. As a result of the assessment, the following lines of enquiry and related Audit criteria were identified. Line of Enquiry Audit Criteria 1. IT Management governance structures are in place to provide strategic direction for IT Asset Management . The CNSC has a governance structure in place, to ensure IT assets are managed appropriately and in compliance with Government of Canada and CNSC policies.

Show more

Documents from same domain

Audit of IT Asset Management Report

Audit of IT Asset Management Report

nuclearsafety.gc.ca

Audit of IT Asset Management Office of Audit and Ethics July 10, 2012 1 Audit of IT Asset Management Report Office of Audit and Ethics July 10, 2012

  Report, Management, Asset, Audit, Audit of it asset management report, Audit of it asset management

Radionuclide Information Booklet - Canadian …

Radionuclide Information Booklet - Canadian …

nuclearsafety.gc.ca

1 Radionuclide Information Booklet The purpose of the Radionuclide Information Booklet is to provide practical information to aid radiation protection specialists at Canadian Nuclear Safety Commission (CNSC) licensed facilities.

  Information, Nuclear, Radionuclide information booklet, Radionuclide, Booklet, Radiation

Alarm Response Guidelines for Radiation Portal …

Alarm Response Guidelines for Radiation Portal

nuclearsafety.gc.ca

Naturally occurring nuclear substances . are radioactive substances that are naturally found in the environment. These include uranium, thorium

  Guidelines, Response, Patrol, Radiation, Radioactive, Lamar, Naturally, Alarm response guidelines for radiation portal, Naturally occurring, Occurring

Radium Luminous Devices - Canadian Nuclear …

Radium Luminous Devices - Canadian Nuclear …

nuclearsafety.gc.ca

How are radium luminous How are radium luminous devices regulated? Who may possess these devices? How can I handle, store and How can I handle, store and

  Devices, Radium, Radium luminous devices, Luminous

The Science of Safety CNSC Research Report 2015-16

The Science of Safety CNSC Research Report 2015-16

nuclearsafety.gc.ca

The following is the CNSC’s third annual research report, which summarizes the various research projects we have funded and completed in the 2015–16 fiscal year.

  Research, Report, Safety, Sciences, 2015, Cnsc, Science of safety cnsc research report 2015

REGDOC-3.6 Glossary of CNSC Terminology

REGDOC-3.6 Glossary of CNSC Terminology

nuclearsafety.gc.ca

December 2016 REGDOC-3.6, Glossary of CNSC Terminology 3 2. Terms and Definitions A A1, A2 (A1, A2) Ha[ve] the same meanings as in the IAEA Regulations. (Source: Packaging and Transport of Nuclear Substances Regulations, 2015)

  Nuclear, Terminology, Glossary, Iaea, Glossary of cnsc terminology, Cnsc

Regulatory Guide G-129, Rev. 1, Keeping Radiation ...

Regulatory Guide G-129, Rev. 1, Keeping Radiation ...

nuclearsafety.gc.ca

Keeping Radiation Exposures and Doses "As Low as Reasonably Achievable (ALARA)" Regulatory Guide G-129, Revision 1 Published by the Canadian Nuclear Safety Commission

  Dose, Radiation, Reasonably, As low as reasonably achievable, Achievable

Safety Analysis for Nuclear Power Plants

Safety Analysis for Nuclear Power Plants

nuclearsafety.gc.ca

May 2014 REGDOC 2.4.1, Deterministic Safety Analysis establish a modern, risk-informed approach to the categorization of accidents – one that considers a full

  Analysis, Safety, Safety analysis

REGDOC-3 1 1 Reporting Requirements for Nuclear Power …

REGDOC-3 1 1 Reporting Requirements for Nuclear Power

nuclearsafety.gc.ca

May 2014 REGDOC-3.1.1, Reporting Requirements for Nuclear Power Plants 1 Reporting Requirements: Nuclear Power Plants 1. Introduction 1.1 Purpose This regulatory document sets out the requirements and guidance of the Canadian Nuclear Safety Commission (CNSC) for reports, notifications and filing of specific records to the CNSC by

  Requirements, Reporting, Power, Nuclear, Plants, 3 1 1 reporting requirements for nuclear power, Reporting requirements for nuclear power plants 1

Introduction to Radiation - nuclearsafety.gc.ca

Introduction to Radiation - nuclearsafety.gc.ca

nuclearsafety.gc.ca

December 2012 . Introduction to Radiation . 1. Overview . Radiation is energy in the form of waves or streams of particles. There are many kinds of radiation all

  Radiation

Related documents

Service Asset and Configuration Management Process

Service Asset and Configuration Management Process

itsm.ucsf.edu

The Service Asset and Configuration Management process ensures the integrity of the IT infrastructure by the tracking, recording and reporting on configuration items. In order to adequately manage and control these CIs, the SACM process is supported by a Configuration Management Database (CMDB) capable of holding information on all CIs, including

  Management, Process, Asset, Integrity, Management process

The Seven-Step Process to Risk Based Auditing - ACUIA

The Seven-Step Process to Risk Based Auditing - ACUIA

www.acuia.org

The process begins with formal annual planning, planning updates before audit segments begin, ... and retention, product/service development, and ethics/integrity. Step Two: Preliminary Risk Assessment . ... applicable, is evaluated through management's asset/liability management process. Liquidity risk, including both on and off balance sheet ...

  Based, Management, Process, Risks, Step, Asset, Auditing, Integrity, Seven, Management process, Seven step process to risk based auditing

Loan Portfolio Management - Office of the Comptroller of ...

Loan Portfolio Management - Office of the Comptroller of ...

www.occ.treas.gov

loan portfolio is typically the largest asset and the predominate source of revenue. As such, it is one of the greatest sources of risk to a bank’s safety ... elements that should be part of a loan portfolio management process. These ... verifying the integrity of the process. Each practice, by itself, adds a

  Management, Process, Loan, Portfolio, Asset, Integrity, Loan portfolio management, Loan portfolio management process

Risk Management Program Rules - homeaffairs.gov.au

Risk Management Program Rules - homeaffairs.gov.au

www.homeaffairs.gov.au

hazard occurring or mitigate the relevant impact of such a hazard on the asset. 6. At its core, a risk management program is designed to mitigate risks/hazards that can cause an ... reliability and integrity of a critical infrastructure asset. ... the entity manages risks arising from the off-boarding process for outgoing personnel.

  Management, Process, Asset, Integrity

Incident Reporting - United States Army

Incident Reporting - United States Army

armypubs.army.mil

integrity, or availability of an IS or the information the system processes, stores, or transmits or that constitutes a viola tion ... or management client/advanced key processor) as COMSEC incidents in accordance with AR 380 ... essary activity on or to the asset(s) and immediately notify the supporting RCC, which will immediately notify CCIU ...

  United, States, Management, Reporting, Army, Asset, United states army, Integrity

Asset management in the utilities industry. - IBM

Asset management in the utilities industry. - IBM

www.ibm.com

integrity, emissions, safety and, in some jurisdictions, new governance and ... management (BPM) to allow process improvement to support reduced staffing ... asset management system alone was able to consolidate more than 60 legacy applications. In addition to obvious cost savings, consolidated asset management

  Management, Process, Industry, Asset, Integrity, Utilities, Asset management, Asset management in the utilities industry

Information Management Framework

Information Management Framework

data.nsw.gov.au

integrity, security, availability, longevity and useability in different environments and service offerings. Internal or external audits assess the integrity and performance of specific information management processes, services or environments. Compliance assessments monitor …

  Management, Integrity

Safety and environmental standards for fuel storage ... - HSE

Safety and environmental standards for fuel storage ... - HSE

www.hse.gov.uk

Part 1 Systematic assessment of safety integrity level requirements ... Appendix 5 Guidance for the management of operations and human factors 142 Appendix 6 Emergency planning guidance 197 Appendix 7 Principles of process safety leadership 244 Appendix 8 Process Safety Forum: Governance and terms of reference 247 Appendix 9 BSTG report cross ...

  Management, Process, Integrity

Food Fraud Prevention - Nestlé

Food Fraud Prevention - Nestlé

www.nestle.com

process Like any management system, a food fraud management system is a continuous process as depicted in the figure below (from U.S. Pharmacopeia Appendix XVII: Food Fraud Mitigation Guidance). It begins with an evaluation step to characterise food fraud vulnerabilities, followed by the design and review of a mitigation strategy, and

  Management, Process, Food, Prevention, Fraud, Nestl, Food fraud prevention

Related search queries

Asset, Management process, Integrity, Process, Management, Seven-Step Process to Risk Based Auditing, Loan Portfolio Management, Loan portfolio management process, Reporting, United States Army, Asset management in the utilities industry, Asset management, Food Fraud Prevention, Nestlé