REPORT FOR ACTION

IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management

Date: January 30, 2018
To: Audit Committee
From: Auditor General
Wards: All

SUMMARY

The Corporate Information & Technology (I&T) Division's role is to provide City-wide leadership in modernizing services through the strategic investment, development and management of the City's IT systems. In this role, the I&T Division prepared an IT Portfolio Integrated Plan for achieving the eCity goals, which are to ensure the City's businesses, services to the public, and political processes are effectively managed and enhanced by technology. The purpose of this plan was to improve online service delivery, and to update the City's overall IT environment to ensure it is aligned with the City's IT vision.

In 2017, the Auditor General initiated an audit of the City's information technology infrastructure and assets. This audit is still in progress.

This interim report highlights several overarching issues. To successfully deliver the eCity Strategy, the City requires centralized IT governance and a Strategic Technology Roadmap to guide the acquisition and deployment of technology.

The Auditor General has made 15 recommendations to enable the I&T Division and the City to make timely progress on the key actions to create and execute the Strategic Technology Roadmap for the IT environment.

Additional findings related to this audit will be reported in a subsequent report expected to be issued by mid-2018.

IT Infrastructure and Asset Management Review Page 1 of 6

RECOMMENDATIONS

The Auditor General recommends that:

1. City Council request the City Manager, in consultation with the Chief Information Officer, to establish appropriate governance and accountabilities to ensure that divisions with IT services operating independently from the Information & Technology Division follow Corporate IT policies, procedures, and standards in acquiring and managing IT services.

2. City Council request the Chief Information Officer to:

   a. Ensure that the inventory in the corporate IT asset management system is updated (including assets directly managed by the Information & Technology Division, as well as assets managed by other City divisions).

   b. Perform periodic reviews and reconciliations of data captured within the corporate IT asset management system to ensure the system is accurate and complete.

   c. Implement available tools and reporting functionality within the corporate IT asset management system to support ongoing asset monitoring.

   d. Use the data available within the corporate asset management system to inform strategic technology planning, including maximizing the use of assets and managing the costs to maintain them throughout their lifecycle.

3. City Council request the Chief Information Officer to leverage data obtained through various network tools to inform the City's network and strategic planning teams.

4. City Council request the Chief Information Officer, in consultation with all relevant divisions, to:

   a. Develop a comprehensive list of applications and identify those applications and systems that have the potential to be consolidated and modernized, eliminating the need to procure, implement, and maintain duplicative systems in the future.

   b. Review existing decentralized IT services and, where possible, consolidate these services with the Information & Technology Division.

5. City Council request the Chief Information Officer to establish a strategic technology roadmap to modernize and transform the IT environment. The roadmap should clearly set out milestones and performance measures to assess progress in meeting the City's short-term and long-term IT goals.

6. City Council request the Chief Information Officer to develop and implement procedures to promote clarity in roles and responsibilities for creating, maintaining, and refreshing the IT infrastructure roadmap.

7. City Council request the Chief Information Officer to ensure that the Strategic Technology Roadmap identifies opportunities for harmonizing lifecycle management and standardizing technologies in IT infrastructure in order to achieve operational efficiencies, reduce costs, and source assets strategically.

8. City Council request the Chief Information Officer to conduct periodic architecture reviews to strengthen security, eliminate redundancies, and identify opportunities to modernize the IT environment.

9. City Council request the Chief Information Officer to expedite efforts to mature its processes and capabilities to support Cloud services.

10. City Council request the Chief Information Officer to ensure that all IT business cases describe how the new IT project or lifecycle management refresh aligns with the strategic technology roadmap; and include an evaluation of cloud versus on-premise solution.

11. City Council request the Chief Financial Officer, in consultation with the Chief Information Officer, to develop a tool to communicate the total cost impacts (operating and capital) of IT projects to provide clarity wherever increased operating budget pressures from cloud services are offset by savings in capital costs.

12. City Council request the Chief Information Officer to coordinate with the Chief Purchasing Officer on implementing category management for the procurement of IT equipment, services and solutions, utilizing the strategic technology roadmap to lower the total cost of IT.

13. City Council request the Chief Information Officer, in consultation with the City Clerk, the City Solicitor, and where needed, the City's Accountability Officers, to include in the data governance model:

   a. Guidance on the City's enterprise-wide data strategy to provide direction for lifecycle management and classification of data in alignment with the Municipal Code.

   b. A special case data retention policy and procedure to address scenarios where archiving specific data is required, such as litigation needs.

14. City Council request the Chief Information Officer to enhance the existing process to monitor and update IT policies, procedures and standards on a periodic basis.

15. City Council request:

   a. The City Manager forward this report to agencies and corporations for review.

   b. The heads of the major agencies and corporations review the issues and recommendations included in this report and consider the relevance to their respective organizations for implementation.

FINANCIAL IMPACT

Although this audit has identified some potential for cost savings and cost avoidance, any quantification will be included in the final report expected to be issued by mid-2018.

DECISION HISTORY

The Auditor General has carried out a series of audits of the security and management of the City's information technology (IT) infrastructure and assets. The Auditor General initially focused on assessing the security of the City's information and systems. The main theme of these audits was the importance of having a single corporate view of cybersecurity across the City. The wrap-up report on vulnerability assessment of the City's network and infrastructure is available at: https://www.toronto.ca/legdocs/mmis/2017/au/bgrd/backgroundfile-101892.pdf

The Auditor General's 2017 Audit Work Plan included a review of the information technology infrastructure and assets managed by the Corporate I&T Division. The Auditor General's 2017 Audit Work Plan is available at: https://www.toronto.ca/legdocs/mmis/2017/au/bgrd/backgroundfile-101843.pdf

COMMENTS

The Corporate Information & Technology (I&T) Division's role is to provide city-wide leadership in modernizing City services through the strategic investment, development, and management of the City's IT systems.

The City's IT environment is comprised of a complex infrastructure of applications, networks, and computers spread over 700 locations, servicing more than 50 City divisions as well as the millions of citizens who call Toronto home. In order for the City to achieve its strategic IT vision, the I&T Division needs to be clear on which technologies are needed, and how it will deploy them into the City's complex IT environment.

This interim report highlights several overarching issues. To successfully deliver the eCity Strategy, the City requires:

A. Centralized IT governance

B. A Strategic Technology Roadmap to guide the acquisition and deployment of technology to achieve the City's IT vision.

A. Need for Centralized IT Governance

The responsibility, control and accountability for the City's IT infrastructure and assets is not fully centralized. Issues arising from this partially decentralized model have been raised by the Auditor General since 2006. Although there have been some improvements to coordination and collaboration over time, similar issues persist.

To address these ongoing issues, there needs to be a culture shift so that the Chief Information Officer is clearly in charge of governance and accountability for information technology City-wide. Centralizing governance allows for more coordinated planning and priority-setting, the establishment and assessment of compliance with IT standards, effective monitoring and control of IT assets, and centralized IT security governance.

Wherever there is an operational need to continue with a decentralized approach, appropriate governance and accountabilities should be established to ensure these divisions adhere to corporate policies and procedures.

B. Three Key Actions Are Needed To Achieve the City's Technology Vision

1. Define the gap

The I&T Division needs to define the technology gap by better understanding the current state of the City's IT infrastructure and assets, and identify the City-wide strategic solutions needed to achieve the IT vision.

2. Establish a coordinated plan (technology roadmap) to close the gap

The I&T Division should set out a Strategic Technology Roadmap that identifies the specific technology solutions needed to transform the City's IT environment.

3. Execute the plan

The I&T Division is then positioned to deploy the Strategic Technology Roadmap, which will enable the IT vision to be achieved with costs and efficiencies in mind. The Strategic Technology Roadmap is a key tool needed for the strategic procurement of IT assets.

Relevance to Agencies and Corporations

Although agencies and corporations were not included within the scope of our audit, this report contains a number of findings and recommendations that are relevant to them. Based on our review, it is evident that strategic IT decision-making can be improved and savings are possible through improved collaboration and coordination across the entire organization.

The Auditor General has recommended the sharing of relevant audit recommendations and any resulting IT strategy, roadmap, policies, procedures, and standards with all City agencies and corporations.

CONTACT

Syed Ali, Audit Director, IT & Strategy, Auditor General's Office
Tel: 416-392-8438, Fax: 416-392-3754, E-mail: Syed.Ali@toronto.ca

SIGNATURE

Beverly Romeo-Beehler
Auditor General

ATTACHMENTS

Attachment 1: IT Infrastructure and IT Asset Management Review: Phase 1 Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management