Internal Audit Report
IT Security and Network Infrastructure Review (10/10) follow up.
Report status: Final
Report date: 13th July 2012
Financial Period: 2012/13
Prepared by: Mark Gee, Auditor (Haines Watts)
37


Agenda Item No 7(b)
Executive Summary

Objective of the audit

The overall objective of the audit was to provide an opinion on the progress for implementing agreed actions from the IT Security and Network Infrastructure Review (10/10).

Key background information

Four findings were made in the August 2011 report. For each of the findings an action was agreed to control and/or mitigate the identified risk. For each observation responsibility for action was accepted by the IT & IS Manager. One observation was actioned immediately. All agreed actions were due to be completed between September 2011 and March 2012. Where applicable we have noted in brackets within the action plan the design of controls to further address the risks raised within the 2011 report.

Our opinion

Overall, Internal Audit can give significant assurance that all actions agreed as a result of the IT Security and Network Infrastructure Review (10/10) have been implemented. Detailed findings are set out in the Follow up status section of this report.
Page 3 of 7

Action Plan

Explanation of priority ratings:

High: Action that is considered imperative to ensure that the organisation is not exposed to high risks. Major adverse impact on achievement of organisational objectives if not adequately addressed.

Medium: Action that is considered necessary to avoid exposing the organisation to significant risks.

Low: Action that is considered desirable and should result in enhanced control or better value for money. Minimal adverse impact on achievement of the organisation's objectives if not adequately addressed.

Page 4 of 7

Columns: Original Agreed Action; Implementation status; Priority of new recommendation (if applicable); Current Management Action

1. Original Agreed Action: Consider restricting user login to specified login hours for a number of user groups.
   Implementation status: Implemented
   Priority of new recommendation (if applicable): (n/a) None
   Current Management Action: Consideration was given by the IT and IS manager. It was determined that the increased control offered by time restricting user login is not beneficial as it is felt it could compromise the fire authority's duty as an emergency service.

2. Original Agreed Action: Amend access for those users with inappropriate Windows Domain Administrator access privileges identified during the audit.
   Implementation status: Implemented
   Priority of new recommendation (if applicable): (n/a) None
   Current Management Action: An exercise was completed immediately after the prior audit in August 2011 to ensure that only appropriate users have access to Windows Domain Administrator access privileges. (We noted that two reports have been designed which are executed and reviewed on a monthly basis by IT management to ensure that any changes to this reviewed list of administrator users is appropriate.)
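One way to produce the kind of monthly change report described under action 2, as an added example that is not the authority's or the auditor's own report (those are not reproduced here): it snapshots the members of the Domain Admins group with the RSAT ActiveDirectory module and lists who was added or removed since the previous reviewed snapshot; the baseline path is an assumed placeholder.

```powershell
# Added example, not part of the audit report. Assumes the RSAT ActiveDirectory
# module is available and that $BaselinePath (a placeholder) holds the snapshot
# that was reviewed and signed off at the previous monthly review.
Import-Module ActiveDirectory

$BaselinePath = 'C:\AdminReview\domain-admins-baseline.json'   # assumed location
$GroupName    = 'Domain Admins'

# Current membership, expanded recursively so that users nested via other
# groups are included; only user objects are kept in the reviewed list.
$current = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName |
    Sort-Object -Unique

if (Test-Path $BaselinePath) {
    # @() wrapping copes with a single-member baseline, which ConvertFrom-Json
    # would otherwise return as a bare string rather than an array.
    $baseline = @(Get-Content $BaselinePath -Raw | ConvertFrom-Json)
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject @($current)

    # '=>' marks accounts present now but not in the baseline (additions);
    # '<=' marks accounts that were in the baseline but are gone (removals).
    $added   = $diff | Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject
    $removed = $diff | Where-Object SideIndicator -eq '<=' | Select-Object -ExpandProperty InputObject

    [PSCustomObject]@{
        ReviewDate = Get-Date -Format 'yyyy-MM-dd'
        Group      = $GroupName
        Added      = @($added)
        Removed    = @($removed)
        TotalNow   = $current.Count
    } | Format-List
} else {
    Write-Host "No baseline found at $BaselinePath; writing the initial snapshot."
}

# Once the changes above have been reviewed, the current membership becomes
# the baseline for next month's report.
$current | ConvertTo-Json | Set-Content $BaselinePath
```

Each Added or Removed entry should be traceable to an approved change request; an entry without one is the exception the monthly review exists to catch.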

Page 5 of 7

Columns: Original Agreed Action; Implementation status; Priority of new recommendation (if applicable); Current Management Action

3. Original Agreed Action: Undertake an annual review of user access rights to confirm ongoing appropriateness.
   Implementation status: Implemented
   Priority of new recommendation (if applicable): (n/a) None
   Current Management Action: A system of annual reviews has been undertaken. This process began with a review of HR system users in August 2011. The next review has been scheduled for July/August 2012. (It was noted that an updated procedure note for user access management has recently been implemented on 5th April 2012. This includes formal assignment of responsibility for reviewing user access rights.)

4. Original Agreed Action: Undertake an annual review of access to the server room to confirm ongoing appropriateness.
   Implementation status: Implemented
   Priority of new recommendation (if applicable): (n/a) None
   Current Management Action: Server room access rights are reviewed each time a change request is made to either add or remove access rights for an employee.

Page 6 of 7

Appendix A – Definition of assurance opinions

Level of Assurance / Definition

Substantial: There is a sound system of internal control designed to achieve the system objectives.

Adequate: While there is a basically sound system of internal control designed, there are weaknesses, which put some of the system objectives at risk.

Limited: Weaknesses in the design of the system of internal controls are such as to put the system objectives at risk.

None: Control design is generally weak leaving the system open to significant error or abuse.

Page 7 of 7

The matters raised in this report are only those that came to our attention during the course of the audit work and are not necessarily a comprehensive statement of all the weaknesses that exist or of all the improvements that may be required. Whilst every care has been taken to ensure that the information in this report is as accurate as possible, it is based on the information provided and documents reviewed. No complete guarantee or warranty can be given with regard to the advice and information contained within the report. We emphasise that the responsibility to implement a sound system of internal controls rests with management and that our work should not be taken as a substitute for this responsibility. Our work has been considered to identify material irregularity which has a reasonable possibility of discovery, however, this does not provide absolute assurance that material error, loss or fraud do not exist.

This report is intended solely for the use of the Audit, Performance and Scrutiny Committee and Senior Management of the Fire Authority. The dissemination, distribution, copying or disclosure of this report or its contents is prohibited unless prior written permission is obtained by HW Controls & Assurance LLP. No responsibility to any third party is accepted as the report has not been prepared and has not been intended for any other purpose.

© 2012 HW Controls and Assurance LLP. All rights reserved.

HW Controls & Assurance LLP
Registered in England & Wales, No. OC323078
Registered Office: 30 Camp Road, Farnborough, Hampshire GU14 6EW.
