Upload
manu-bobola
View
218
Download
0
Embed Size (px)
Citation preview
7/27/2019 c64_Item05(2)-FifeCouncilResponse
http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 1/4
Standards and Audit Committee
23rd August 2011
Agenda Item No.
Response to IT Service and Support ManagementExternal Audit Report
Report by: Michael Enston, Executive Director, Corporate Services
Wards Affected: All
Purpose
This report responds to the External Audit report and provides additional assuranceon the improvement actions.
Recommendation(s)
It is recommended that Committee considers the content of this report in conjunctionwith the External Audit report and notes the actions being taken to address theissues raised.
Resource Implications
There are resource implications for some of the actions identified in the audit report.These are being met from existing resources.
Legal & Risk Implications
The management actions identified seek to control and mitigate the areas of riskidentified within the report.
Impact Assessment
An Equality Impact Assessment is not required for responses to audit reports.
Consultation
IT Management and staff have been fully involved in making the improvementsidentified in this report.
7/27/2019 c64_Item05(2)-FifeCouncilResponse
http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 2/4
1.0 Background
1.1 In 2008/09 IT Services went through a root and branch restructuringcharacterised by a significant move away from in-house softwaredevelopment, investment in project delivery and IT process governancetogether with more flexible deployment of staff resource. These changesfollowed an earlier External Audit report on IT Services.
1.2 These changes did lead to improvements in IT service delivery andgovernance as recognised in the 2009/10 follow up review by the External Auditor. That report did highlight nonetheless that there remained scope for improvement and that a number of recommendations had still to beimplemented.
1.3 During 2009/10 the Council Management Team identified the need toimprove the effectiveness of IT in supporting transformation work across theCouncil. The Council’s IT Service is critical to the success of these changeprogrammes and associated savings and in turn the decision was made totransfer responsibility for IT to Corporate Services Directorate. This transfer was made in October 2010 coinciding with the completion of the contract of the Council’s interim Chief Information Officer.
2.0 Recent Changes
2.1 In June 2011 the Policy, Finance & Asset Management Committeeconsidered two reports which summarised proposals to improve and reform ITServices. These included :
• Introduction of a flatter management structure with the deletion of two tiers
of management.
• Agreement to an ICT Strategy 2011/14 setting out the basis for improving
IT delivery and cost management.
• Improved governance arrangements and performance reporting to senior
management and elected members.
2.2 These changes have been implemented and are addressing the specificissues identified in the audit report. The action plan in the Audit report will beincorporated fully into the ICT Strategy action plan. This will ensure proper performance monitoring and reporting of progress to senior management andPFAM Committee.
2.3 The audit report contains an assessment of the Council’s IT Service againstthe ISO 20000 standard and in turn recommends that IT Service implements
a formal IT service and support delivery best practice framework. IT Servicescurrently use two assurance frameworks ie Information TechnologyInfrastructure Library (ITIL) and Controlled Objectives for Information andrelated Technology (Cobit) though neither is fully implemented.
7/27/2019 c64_Item05(2)-FifeCouncilResponse
http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 3/4
2.4 One important difficulty with the External Audit report is that the basis for theassessment given against the ISO 20000 controls is unclear. The reportrelies on very specific case studies identified in part through discussions witha member of the Standards & Audit Committee. It is difficult to chart the
relationship between these case studies and the assessment against the ISOstandard. This presents a problem in using the gap analysis presented at thestart of the Audit report as a baseline.
3.0 Conclusions
3.1 The External Audit report confirms in overall terms some of the issues
identified by senior management around IT service delivery and processes.Despite the reservation expressed over the assessment against the ISO20000 standard, detailed actions have been agreed and are being addressed.
3.2 The two reports to the June 2011 PFAM Committee on structure and strategyrespectively provide a solid basis for improvement while the recentappointment of a permanent Head of ICT provides a focus for improvingleadership and direction.
3.3 While the revised arrangements should provide assurance to members, theStandards and Audit Committee may wish to call for an early report on
progress against the action plan. This would be in addition to the proposedreport to PFAM against the ICT Strategy.
Background Papers
The following papers were relied on in the preparation of this report in terms of the LocalGovernment (Scotland) Act, 1973:
• Directorate Management Structure – Policy, Finance & Asset Management
16
th
June 2011• ICT Strategy – Policy, Finance & Asset Management 16th June 2011
• IT Service and Support Management Audit Report by Scott-Moncrieff, August
2011.
Report Contact
Author Name Edmund Whiffen Author’s Job Title IT Management S/DMWorkplace Carleton House, MarkinchTelephone: 08451 55 55 55 442346 Ext No 444278
7/27/2019 c64_Item05(2)-FifeCouncilResponse
http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 4/4
Email: [email protected]