Metro: KPMG LLP's Management Letter presenting internal control and other operational matters for consideration (fiscal year ended June 30, 2009)
Metro
Los Angeles County Metropolitan Transportation Authority
One Gateway Plaza, Los Angeles, CA 90012-2952
metro.net

EXECUTIVE MANAGEMENT AND AUDIT COMMITTEE
FEBRUARY 18, 2010

SUBJECT: COMPREHENSIVE ANNUAL FINANCIAL REPORT FISCAL YEAR 2009
ACTION: RECEIVE AND FILE

Receive and file
A. The Comprehensive Annual Financial Report (CAFR) for the fiscal year ended June 30, 2009; and
B. KPMG LLP's Management Letter presenting internal control and other operational matters for consideration.

ISSUE
We are required to be audited annually by independent certified public accountants. This report presents the CAFR-related Management Letter from KPMG for the year ended June 30, 2009. The CAFR includes our audited financial statements, supplemental information and unqualified opinion from KPMG LLP, the independent auditor. KPMG representatives will provide a presentation on the results of their audit.

As a savings measure, a hard copy of the CAFR is on file with the Board Secretary and is also available on the Metro website: metro.net/about_us/finance/images/cafr_2009.pdf

The Management Letter is issued by KPMG to communicate certain matters involving internal control and other operational matters and management's related response.
ATTACHMENT(S)
A. KPMG LLP's Management Letter dated

Prepared by: Ruthe Holden, Chief Auditor

Comprehensive Annual Financial Report

Chief Auditor
Arthur T. Leahy, Chief Executive Officer
KPMG LLP
Suite Pacifica
Irvine, CA

The Board of Directors
Los Angeles County Metropolitan Transportation Authority
One Gateway Plaza
Los Angeles, CA

Ladies and Gentlemen:

We have audited the financial statements of the Los Angeles County Metropolitan Transportation Authority (LACMTA) for the year ended June 30, 2009, and have issued our report thereon dated December 11,

In planning and performing our audit of the financial statements of LACMTA, in accordance with auditing standards generally accepted in the United States of America, we considered LACMTA's internal control over financial reporting (internal control) as a basis for designing our auditing procedures for the purpose of expressing our opinion on the financial statements but not for the purpose of expressing an opinion on the effectiveness of LACMTA's internal control. Accordingly, we do not express an opinion on the effectiveness of LACMTA's internal control.

During our audit, we noted certain matters involving internal control and other operational matters that are presented for your consideration. These comments and recommendations, all of which have been discussed with the appropriate members of management, are intended to improve internal control or result in other operating efficiencies and are summarized in Appendix I.

Our audit procedures are designed primarily to enable us to form an opinion on the financial statements and, therefore, may not bring to light all weaknesses in policies or procedures that may exist. We aim, however, to use our knowledge of LACMTA's organization gained during our work to make comments and suggestions that we hope will be useful to you.

We would be pleased to discuss these comments and recommendations with you at any time.

This communication is intended solely for the information and use of management, Board of Directors, others within the organization, and is not intended to be and should not be used by anyone other than these specified parties.

Very truly yours,

KPMG LLP, a U.S. limited liability partnership, is the U.S. member firm of KPMG International, a Swiss cooperative.
Appendix I

Deficiency #09-01: Information Technology - Password Policies (Windows)

Based on our online observation of the Password Policy within the Windows Active Directory, we noted the current configuration for password complexity was not enabled. This setting does not comply with the (LACMTA) Information Security 2 - Password Generation document dated August We noted that the Los Angeles County Metropolitan Transportation Authority policy states that password complexity should be enabled requiring alpha and numeric characters.

Effect (or Potential Effect)
Increases the risk of unauthorized access to the network by external or internal parties.

We recommend that management either implement the password requirements as noted in their Information Security policy or update the policy to reflect the current Windows password settings. Additionally, justification for not configuring password complexity should be documented.

The implementation of password complexity was completed on August 27,

Deficiency #09-02: Information Technology - Data Center Physical Access

Based on our test work, we noted one individual with inappropriate access to the data center. Additionally, we noted the Systems Maintenance Supervisor maintained four extra badges, which are provided when technician staff personnel leave their card at home or when a day consultant requires access to the room. The assignment of these badges is not logged. Subsequent to year-end, the access has been corrected.

Effect (or Potential Effect)
Inappropriate individuals may access the data center and compromise LACMTA Information Technology (IT) Assets.

We recommend that management implement a periodic review of data center access to verify access to the data center is limited to appropriate individuals.

The Computer Center access list is reviewed quarterly. One individual was granted access to work on a project that was no longer needed. Also, the four extra badges, which were not used, were turned in as noted above.
Deficiency #09-03: Information Technology - Administrative Access to M3

Based on our online observation of the Administrative users within the M3 system, we noted that the SpearAdmin and SpearMaster Superuser accounts are shared. As such, unauthorized changes may be made without accountability. These accounts are required by system functionality and cannot be assigned to individual users. The SpearMaster Superuser account has access to migrate changes into production including functions, tables, and procedures. The SpearAdmin is able to add and remove users and is able to look at and update data tables. We noted that an informal review of the account activity is completed, but the review is not performed on a regular basis and evidence is not retained.

Effect (or Potential Effect)
Unauthorized changes or transactions may be posted without accountability.

Given that these administrative accounts are required by the system, we recommend IT research to determine if the passwords can be changed to ensure unauthorized individuals cannot access these powerful IDs. If so, we recommend the passwords be changed on a regular basis. We additionally recommend that the periodic review of the administrative account activity be formalized and documented similar to the monitoring control in place over database administration.

The SpearMaster Superuser account is controlled by the Database Administration (DBA) group. Only one person is authorized to access M3 using this account within the group. This account is controlled and audited on a regular basis. A weekly audit report generates the SpearMaster account activity. The SpearAdmin account is used by developers to promote changes into the database. A weekly audit log provides an audit trail of the users authorized to access the system with this account. The OS-username along with the action taken under the SpearAdmin account is tracked.
Deficiency #09-04: Information Technology - Periodic User Access Review - M3

Based on our inspection of the periodic access reviews for the M3 application, we were unable to determine if or when periodic reviews were performed. Currently, access listings are sent to the business users, but evidence of review and updates to security based on the review was not retained. As such, inappropriate access may not be identified in a timely manner.

Effect (or Potential Effect)
Users may have inappropriate access to the M3 application allowing the ability to process unauthorized transactions.

We recommend LACMTA IT require the business users to send positive confirmation to IT indicating they have reviewed the user listings and have no changes. The confirmation and any requested changes should be retained.

IT will work with Fleet Management Services to annually conduct a review of the M3 user access list(s) pertaining to the various line of business areas. All such confirmations will be kept on file.

Deficiency #09-05: Information Technology - Separated Users

During the performance of testing over separated users, we noted four network user IDs were active for greater than 30 days after date of separation. For the network, since the IDs were removed, we could not determine if the IDs were used between the termination date and the date the IDs were removed.

Effect (or Potential Effect)
Unauthorized transactions may be processed by separated employees or their accounts may be maliciously used by other employees.

We understand that there may be a delay between the processing of the Human Resources department (HR) paperwork and notification to IT of the separation. We recommend IT work with Audit and HR to identify the root cause of the delay and implement procedures to ensure separated employees are removed within 30 days.

HR acknowledged that they do not always receive the required separation paperwork from the divisions in a timely manner, which results in a processing delay. To improve in this area, HR will track the process more closely and remind tardy divisions of the need to remove separated employees from the systems as soon as possible.

Deficiency #09-06: Information Technology - Administrative Access (TOTS)

Based on our inspection of users with access to TOTS Application with management, we noted that the Program Version Control System (PVCS) administrator who has access to migrate changes into production also has access to modify code. Changes made by this individual may not be authorized as there is a lack of separation of duties. We were able to review system logs to verify the PVCS administrator did not perform inappropriate duties.

Effect (or Potential Effect)
Unauthorized changes or transactions may be posted without accountability.

Due to limited resources, we understand that the PVCS administrator requires access to migrate changes and modify code. We recommend a monitoring control similar to the control in place to monitor database administrator access be implemented.

IT will implement a review process of the PVCS administrator access similar to the process used to monitor database administrator access.

Deficiency #09-07: Capitalization of Buses

Condition and Context
According to LACMTA's capitalization policy, buses must be placed in service before they are depreciated. LACMTA generally makes 3 progress payments for the purchase of buses (10%, 60%, and 30%). During our audit, we noted that buses, for which progress payments had been made, and were not yet received, inspected, and accepted, were inappropriately depreciated. While management routinely makes subsequent adjustments to correct the timing difference, there appears to be a time lag, generally 2 to 5 months, between the time the buses are received and the time adjustments are made. There are cases in which it may stretch between fiscal years.

Based on the guidelines noted in Governmental Accounting Standards Board (GASB) 1400.104, "capital assets should be depreciated over their estimated useful lives unless they are either inexhaustible or are infrastructure assets reported using the modified approach." The estimated useful life of a bus commences when the bus is placed in service at which point it should begin to be depreciated. We noted that a timing difference exists between the time the depreciation expense is incurred and ultimately recognized.

Management performed an analysis in order to assess the prior period impact on depreciation and identified 101 buses in the Enterprise Fund, which were inappropriately depreciated in the prior period. As a result, the $410 million in depreciation expense recognized in the Enterprise Fund in fiscal year 2008 was overstated by $2.3 million, or 0.5%.

Effect (or Potential Effect)
Untimely capitalization of buses may result in a misstatement to depreciation expense and consequently a misstatement to net assets.

We recommend that management adhere to internal policies and procedures and establish controls to ensure that buses are received, inspected, and accepted prior to being capitalized, per the capitalization policy.

Capitalization and subsequent depreciation of purchased rolling stock is recognized upon its receipt and acceptance in accordance with past practice and procedures. The fiscal year 2008 mistake of early capitalization and depreciation of purchased buses was an oversight due mainly to shortage of resources in the department and had been corrected in fiscal year 2009. Management believes that this $2.3 million overstatement of depreciation expense out of a total depreciation expense for the year of $410.5 million was immaterial and did not constitute a material misstatement of net assets.
More informationTimber Products Inspection, Inc.
Timber Products Inspection, Inc. Product Certification Public Document Timber Products Inspection, Inc. P.O. Box 919 Conyers, GA 30012 Phone: (770) 922-8000 Fax: (770) 922-1290 TP Product Certification
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationTHE SOUTHERN BAPTIST THEOLOGICAL SEMINARY PORTABLE ELECTRONIC DEVICE POLICY
THE SOUTHERN BAPTIST THEOLOGICAL SEMINARY PORTABLE ELECTRONIC DEVICE POLICY Effective July 15, 2013 1.1 Program Overview The Seminary recognizes the benefit of using cellular phones and other portable
More informationOnline Filing Guide for Charities and Professional Fundraisers
South Carolina Secretary of State Online Filing Guide for Charities and Professional Fundraisers April 2010 1205 Pendleton Street, Suite 525 Columbia, South Carolina 29201 www.sos.sc.gov Charitable Organizations
More informationCONTROLS OVER ELECTRONIC DOCUMENT MANAGEMENT. Report No. D April 16, Office of the Inspector General Department of Defense
CONTROLS OVER ELECTRONIC DOCUMENT MANAGEMENT Report No. D-2001-101 April 16, 2001 Office of the Inspector General Department of Defense Form SF298 Citation Data Report Date ("DD MON YYYY") 16Apr2001 Report
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationCBOE Regulatory Circular RG C2 Regulatory Circular RG15-007
Date: To: CBOE and C2 Trading Permit Holders From: Regulatory Services Division RE: Transition of Certain Regulatory Services Performed on Behalf of the Exchanges by FINRA On December 19, 2014, CBOE and
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationInternal Audit Report. Electronic Bidding and Contract Letting TxDOT Office of Internal Audit
Internal Audit Report Electronic Bidding and Contract Letting TxDOT Office of Internal Audit Objective Review of process controls and service delivery of the TxDOT electronic bidding process. Opinion Based
More informationPROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO
Section: Subject: Administration (AD) Data Governance AD.3.3.1 DATA GOVERNANCE PROCEDURE Legislation: Alberta Evidence Act (RSA 2000 ca-18); Copyright Act, R.S.C., 1985, c.c-42; Electronic Transactions
More informationCOUNTY OF EL DORADO, CALIFORNIA BOARD OF SUPERVISORS POLICY
PURPOSE: Page 1 of 8 This policy is intended to provide uniform and consistent standards for the application of cellular telephones, including devices often referred to as Smartphones (PDA s), to County
More informationCSR Computer Policy Statement
CSR Computer Policy Statement This is required reading for everyone with a CSR computer account. General Guidelines As an employee of the Center for Space Research, you are entitled to a computer account
More informationStandard mobile phone a mobile device that can make and receive telephone calls, pictures, video, and text messages.
Overview Fiscal Accountability Rule 10.9 Utilizing Mobile Devices to Conduct City Business establishes the mobile device rule for the City and County of Denver. This policy provides mobile device guidelines
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationOffice of Inspector General Office of Professional Practice Services
Office of Inspector General Office of Professional Practice Services Executive Summary In accordance with the Department of Education s fiscal year 2017-18 audit plan, the Office of Inspector General (OIG)
More informationCertification Body Audit Resources
Certification Body Audit Resources Policy 13 v4.01 Original Issue 20 May 2012 Revision Date Effective Date Policy Applicable To All CertiSource Staff and Certification Body Staff Policy Managed By Approved
More informationCalifornia ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011
www.pwc.com California ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011 Agenda SSAE 16 Background Results of Audit Scope of Audit Looking Forward Closing Thoughts Slide 1
More informationAudit Absolutes DHS/USCG Perspectives. Jeff Bobich DHS Director of Financial Management Mark Rose USCG Comptroller 10 March 2016
Audit Absolutes DHS/USCG Perspectives Jeff Bobich DHS Director of Financial Management Mark Rose USCG Comptroller 10 March 2016 1 DHS Audit Requirements & Overview 2 DHS Audit Requirements Chief Financial
More informationNORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives
NORTH CAROLINA MANAGING RISK IN THE INFORMATION TECHNOLOGY ENTERPRISE NC MRITE Nominating Category: Nominator: Ann V. Garrett Chief Security and Risk Officer State of North Carolina Office of Information
More informationIIA EXAM - IIA-CGAP. Certified Government Auditing Professional. Buy Full Product.
IIA EXAM - IIA-CGAP Certified Government Auditing Professional Buy Full Product http://www.examskey.com/iia-cgap.html Examskey IIA IIA-CGAP exam demo product is here for you to test the quality of the
More informationIndependent Accountant s Report
KPMG LLP Mission Towers I Suite 100 3975 Freedom Circle Drive Santa Clara, CA 95054 To the Management of Starfield Technologies, LLC: Independent Accountant s Report We have examined Starfield Technologies,
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationPROGRAM 1 MANAGEMENT, COMMUNICATION & OPERATIONS ACTION STEPS RESPONSIBLE FREQUENCY per year
VREDEKLOOF COMMUNITY IMPROVEMENT DISTRICT 5 YEAR IMPLEMENTATION PLAN 1st July 2018 to 30th June 2019 PROGRAM 1 MANAGEMENT, COMMUNICATION & OPERATIONS 1. Successful day-to-day management and operations
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project / Work Data Sharing Audits Status Final Acting Director Chris Roebuck Version 1.0 Owner Rob Shaw Version issue date 19-Jan-2015 HSCIC Audit of
More informationIndependent Accountant s Report
KPMG LLP Mission Towers I Suite 100 3975 Freedom Circle Drive Santa Clara, CA 95054 To the Management of Starfield Technologies, LLC: Independent Accountant s Report We have examined Starfield Technologies,
More informationTHE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Computer Administrative Rights Report No
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Report No. 15-14 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas
More informationInformation Technology Access Control Policy & Procedure
Information Technology Access Control Policy & Procedure Version 1.0 Important: This document can only be considered valid when viewed on the PCT s intranet/u: Drive. If this document has been printed
More informationProfessional Evaluation and Certification Board Frequently Asked Questions
Professional Evaluation and Certification Board Frequently Asked Questions 1. About PECB... 2 2. General... 2 3. PECB Official Training Courses... 4 4. Course Registration... 5 5. Certification... 5 6.
More information