4
Standards and Audit Committee 23 rd August 2011  Agenda Item No. Response to IT Service and Support Management External Audit Report Repor t by: Michae l Ensto n, Exec uti ve Directo r, Corpora te Serv ices Wards Affected: All Purpose This report responds to the External Audit report and provides additional assurance on the improvement actions. Recommendation(s) It is recommended that Committee considers the content of this report in conjunction with the External Audit report and notes the actions being taken to address the issues raised. Resource Implications There are resource implications for some of the actions identified in the audit report. These are being met from existing resources. Legal & Risk Implications The management actions identified seek to control and mitigate the areas of risk identified within the report. Impact Assessment  An Equality Impact Assess ment is not required for response s to audit reports. Consultation IT Management and staff have been fully involved in making the improvements identified in this report.

c64_Item05(2)-FifeCouncilResponse

Embed Size (px)

Citation preview

7/27/2019 c64_Item05(2)-FifeCouncilResponse

http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 1/4

Standards and Audit Committee

23rd August 2011

 Agenda Item No.

Response to IT Service and Support ManagementExternal Audit Report

Report by: Michael Enston, Executive Director, Corporate Services

Wards Affected: All

Purpose

This report responds to the External Audit report and provides additional assuranceon the improvement actions.

Recommendation(s)

It is recommended that Committee considers the content of this report in conjunctionwith the External Audit report and notes the actions being taken to address theissues raised.

Resource Implications

There are resource implications for some of the actions identified in the audit report.These are being met from existing resources.

Legal & Risk Implications

The management actions identified seek to control and mitigate the areas of riskidentified within the report.

Impact Assessment

 An Equality Impact Assessment is not required for responses to audit reports.

Consultation

IT Management and staff have been fully involved in making the improvementsidentified in this report.

7/27/2019 c64_Item05(2)-FifeCouncilResponse

http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 2/4

1.0 Background

1.1 In 2008/09 IT Services went through a root and branch restructuringcharacterised by a significant move away from in-house softwaredevelopment, investment in project delivery and IT process governancetogether with more flexible deployment of staff resource. These changesfollowed an earlier External Audit report on IT Services.

1.2 These changes did lead to improvements in IT service delivery andgovernance as recognised in the 2009/10 follow up review by the External Auditor. That report did highlight nonetheless that there remained scope for improvement and that a number of recommendations had still to beimplemented.

1.3 During 2009/10 the Council Management Team identified the need toimprove the effectiveness of IT in supporting transformation work across theCouncil. The Council’s IT Service is critical to the success of these changeprogrammes and associated savings and in turn the decision was made totransfer responsibility for IT to Corporate Services Directorate. This transfer was made in October 2010 coinciding with the completion of the contract of the Council’s interim Chief Information Officer.

2.0 Recent Changes

2.1 In June 2011 the Policy, Finance & Asset Management Committeeconsidered two reports which summarised proposals to improve and reform ITServices. These included :

• Introduction of a flatter management structure with the deletion of two tiers

of management.

•  Agreement to an ICT Strategy 2011/14 setting out the basis for improving

IT delivery and cost management.

• Improved governance arrangements and performance reporting to senior 

management and elected members.

2.2 These changes have been implemented and are addressing the specificissues identified in the audit report. The action plan in the Audit report will beincorporated fully into the ICT Strategy action plan. This will ensure proper performance monitoring and reporting of progress to senior management andPFAM Committee.

2.3 The audit report contains an assessment of the Council’s IT Service againstthe ISO 20000 standard and in turn recommends that IT Service implements

a formal IT service and support delivery best practice framework. IT Servicescurrently use two assurance frameworks ie Information TechnologyInfrastructure Library (ITIL) and Controlled Objectives for Information andrelated Technology (Cobit) though neither is fully implemented.

7/27/2019 c64_Item05(2)-FifeCouncilResponse

http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 3/4

2.4 One important difficulty with the External Audit report is that the basis for theassessment given against the ISO 20000 controls is unclear. The reportrelies on very specific case studies identified in part through discussions witha member of the Standards & Audit Committee. It is difficult to chart the

relationship between these case studies and the assessment against the ISOstandard. This presents a problem in using the gap analysis presented at thestart of the Audit report as a baseline.

3.0 Conclusions

3.1 The External Audit report confirms in overall terms some of the issues

identified by senior management around IT service delivery and processes.Despite the reservation expressed over the assessment against the ISO20000 standard, detailed actions have been agreed and are being addressed.

3.2 The two reports to the June 2011 PFAM Committee on structure and strategyrespectively provide a solid basis for improvement while the recentappointment of a permanent Head of ICT provides a focus for improvingleadership and direction.

3.3 While the revised arrangements should provide assurance to members, theStandards and Audit Committee may wish to call for an early report on

progress against the action plan. This would be in addition to the proposedreport to PFAM against the ICT Strategy.

Background Papers

The following papers were relied on in the preparation of this report in terms of the LocalGovernment (Scotland) Act, 1973:

• Directorate Management Structure – Policy, Finance & Asset Management

16

th

June 2011• ICT Strategy – Policy, Finance & Asset Management 16th June 2011

• IT Service and Support Management Audit Report by Scott-Moncrieff, August

2011.

Report Contact

 Author Name Edmund Whiffen Author’s Job Title IT Management S/DMWorkplace Carleton House, MarkinchTelephone: 08451 55 55 55 442346 Ext No 444278

7/27/2019 c64_Item05(2)-FifeCouncilResponse

http://slidepdf.com/reader/full/c64item052-fifecouncilresponse 4/4

Email: [email protected]