Item - 2021.AU10.8
Tracking Status
- City Council adopted this item on November 9, 2021 without amendments and without debate.
- This item was considered by Audit Committee on November 2, 2021 and was adopted with amendments. It will be considered by City Council on November 9, 2021.
AU10.8 - Status of Audit Recommendations for the Technology Services Division
- Decision Type:
- ACTION
- Status:
- Adopted on Consent
- Wards:
- All
City Council Decision
City Council on November 9, 10 and 12, 2021, adopted the following:
1. City Council request the City Manager to report to the Audit Committee in the second quarter of 2022 with information from each City of Toronto division, agency and corporation on their Information Technology Disaster Recovery Plan should the City's systems, technology, communications or backups be made unavailable.
2. City Council request the Chief Technology Officer to report to the Audit Committee in the second quarter of 2022 on the status of the City of Toronto's Corporate Technology Services Disaster Recovery Plan, including implementation, testing and a full project plan for any outstanding work.
3. City Council direct that Confidential Attachments 1 and 2 to the report (October 19, 2021) from the Chief Technology Officer remain confidential in their entirety, as they pertain to the security of the property of the City of Toronto.
Confidential Attachments 1 and 2 to the report (October 19, 2021) from the Chief Technology Officer remain confidential in their entirety in accordance with the provisions of the City of Toronto Act, 2006, as as they pertain to the security of the property of the City of Toronto.
Confidential Attachment - The security of the property of the City of Toronto.
Background Information (Committee)
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172401.pdf
(October 1, 2021) Attachment 1 - Technology Services Division - Fully Implemented Audit Recommendations (Verified by the Auditor General)
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172200.pdf
(October 1, 2021) Attachment 2 - Technology Services Division - Fully Implemented Audit Recommendations (Not Verified by the Auditor General)
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172201.pdf
(October 1, 2021) Attachment 3 - Technology Services Division - Not Fully Implemented Audit Recommendations
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172400.pdf
(October 1, 2021) Confidential Attachment 1 - Technology Services Division - Fully Implemented and Not Fully Implemented Confidential Audit Recommendations
(October 1, 2021) Confidential Attachment 2 - Other Divisions Audit Recommendations - Supported by Technology Services Division
AU10.8 - Status of Audit Recommendations for the Technology Services Division
- Decision Type:
- ACTION
- Status:
- Amended
- Wards:
- All
Confidential Attachment - The security of the property of the City of Toronto.
Committee Recommendations
The Audit Committee recommends that:
1. City Council request the City Manager to report to the Audit Committee in the second quarter of 2022 with information from each City of Toronto division, agency and corporation on their IT Disaster Recovery Plan should the City's systems, technology, communications or backups be made unavailable.
2. City Council request the Chief Technology Officer to report to the Audit Committee in the second quarter of 2022 on the status of the City of Toronto's Corporate Technology Services Disaster Recovery Plan, including implementation, testing and a full project plan for any outstanding work.
3. City Council direct that Confidential Attachments 1 and 2 to the report (October 19, 2021) from the Chief Technology Officer remain confidential in their entirety, as they pertain to the security of the property of the City of Toronto.
Decision Advice and Other Information
The Audit Committee recessed its public session to meet in closed session to consider this item, as it pertains to the security of the property of the City of Toronto.
Origin
Summary
This report is pursuant to an Audit Committee motion on Item AU9.6, "Auditor General's Status Report on Outstanding Recommendations", at its meeting on July 7, 2021. At this meeting, the Audit Committee directed the Chief Technology Officer to report to the November 2, 2021 meeting of the Audit Committee with an update on the status of completed and uncompleted recommendations and explanations for why recommendations have not been completed.
In 2020, the Auditor General's Office (AGO) introduced an online audit management system, which allows Divisional management to view the audit recommendations assigned to their Divisions. Audit Management System includes all recommendations that are not fully implemented by the Division. Audit recommendations, closed as fully implemented prior to introduction of Audit Management System, are not part of Audit Management System.
Technology Services Division (TSD) has been assigned 87 recommendations in Audit Management System. These audit recommendations include recommendations directly assigned to TSD as well as those that are assigned to other Divisions with TSD in a supporting role. Table 1 below provides a summary of all the audit recommendations assigned to TSD in Audit Management System.
Table 1 - Number of Audit Recommendations Based on the Assigned Division as of October 1, 2021
Audit Recommendations assigned to TSD (as part of TSD Audit Reports) |
73 |
Audit Recommendations supported by TSD (as part of Other Divisions'* Audit Reports) |
14 |
Total Audit Recommendations for TSD in Audit Management System |
87 |
*Other Divisions include PMMD, People and Equity, Toronto Water, Financial Planning Division, Toronto Court Services, SSHA, and Toronto Transit Commission.
This report focuses on a status update and analysis of 73 audit recommendations assigned to TSD as part of TSD Audit Reports. Details of the 14 audit recommendations where TSD is in a supporting role are provided in Confidential Attachment 2. Audit recommendations assigned solely to Office of Chief Information Security Officer are not included in this report, as they are not assigned to TSD in Audit Management System.
Background Information
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172401.pdf
(October 1, 2021) Attachment 1 - Technology Services Division - Fully Implemented Audit Recommendations (Verified by the Auditor General)
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172200.pdf
(October 1, 2021) Attachment 2 - Technology Services Division - Fully Implemented Audit Recommendations (Not Verified by the Auditor General)
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172201.pdf
(October 1, 2021) Attachment 3 - Technology Services Division - Not Fully Implemented Audit Recommendations
https://www.toronto.ca/legdocs/mmis/2021/au/bgrd/backgroundfile-172400.pdf
(October 1, 2021) Confidential Attachment 1 - Technology Services Division - Fully Implemented and Not Fully Implemented Confidential Audit Recommendations
(October 1, 2021) Confidential Attachment 2 - Other Divisions Audit Recommendations - Supported by Technology Services Division
Motions
That:
1. City Council request the City Manager to report to the Audit Committee in the second quarter of 2022 with information from each City of Toronto division, agency and corporation on their IT Disaster Recovery Plan should the City's systems, technology, communications or backups be made unavailable.
2. City Council request the Chief Technology Officer to report to the Audit Committee in the second quarter of 2022 on the status of the City of Toronto's Corporate Technology Services Disaster Recovery Plan, including implementation, testing and a full project plan for any outstanding work.