Item - 2021.AU10.8

The Audit Committee recommends that:

1.  City Council request the City Manager to report to the Audit Committee in the second quarter of 2022 with information from each City of Toronto division, agency and corporation on their IT Disaster Recovery Plan should the City's systems, technology, communications or backups be made unavailable.

2.  City Council request the Chief Technology Officer to report to the Audit Committee in the second quarter of 2022 on the status of the City of Toronto's Corporate Technology Services Disaster Recovery Plan, including implementation, testing and a full project plan for any outstanding work.

3.  City Council direct that Confidential Attachments 1 and 2 to the report (October 19, 2021) from the Chief Technology Officer remain confidential in their entirety, as they pertain to the security of the property of the City of Toronto.

The Audit Committee recessed its public session to meet in closed session to consider this item, as it pertains to the security of the property of the City of Toronto.

This report is pursuant to an Audit Committee motion on Item AU9.6, "Auditor General's Status Report on Outstanding Recommendations", at its meeting on July 7, 2021. At this meeting, the Audit Committee directed the Chief Technology Officer to report to the November 2, 2021 meeting of the Audit Committee with an update on the status of completed and uncompleted recommendations and explanations for why recommendations have not been completed.

In 2020, the Auditor General's Office (AGO) introduced an online audit management system, which allows Divisional management to view the audit recommendations assigned to their Divisions. Audit Management System includes all recommendations that are not fully implemented by the Division. Audit recommendations, closed as fully implemented prior to introduction of Audit Management System, are not part of Audit Management System.

Technology Services Division (TSD) has been assigned 87 recommendations in Audit Management System. These audit recommendations include recommendations directly assigned to TSD as well as those that are assigned to other Divisions with TSD in a supporting role. Table 1 below provides a summary of all the audit recommendations assigned to TSD in Audit Management System.

Table 1 - Number of Audit Recommendations Based on the Assigned Division as of October 1, 2021

*Other Divisions include PMMD, People and Equity, Toronto Water, Financial Planning Division, Toronto Court Services, SSHA, and Toronto Transit Commission.

This report focuses on a status update and analysis of 73 audit recommendations assigned to TSD as part of TSD Audit Reports. Details of the 14 audit recommendations where TSD is in a supporting role are provided in Confidential Attachment 2. Audit recommendations assigned solely to Office of Chief Information Security Officer are not included in this report, as they are not assigned to TSD in Audit Management System.