Minutes:
The Committee received a presentation from the Audit Manager, Principal Auditor (IT) and Trainee IT Auditor that advised of the role of an IT auditor and the work they complete (for copy see file of Minutes).
The Principal Auditor advised the Committee of the following:
· What is IT Audit – definitions from Information Systems Audit and Control Association (ISACA) and Chartered Institute of Public Finance Accountants (CIPFA)
· Why do we need IT Audits – to provide assurance that IT controls are in place
· Legal requirements, policies and guidance
· Types of Audit – assurance, advice and consultancy existing systems and advice and consultancy new systems
· 2014/15 Audit Plan and Other Audits
The Chairman thanked the team for their presentation and invited questions from Members.
Councillor L Armstrong was informed that the Assistant Chief Executive was the Data Controller.
Councillor O Temple asked how big of a part IT Audit plays and how much IT enables fraud. The Audit Manager advised that as new systems develop and are reviewed, IT audit would identify risks and ensure that controls are in place. Councillor Temple asked if IT systems introduce a risk or reduce the risk of fraud. The Principal Auditor explained that provided controls were in place it would reduce the risk. IT audits ensure that passwords are in place and that user access is monitored but advised that all IT systems are susceptible to fraud.
Councillor C Carr asked how long it takes to remove someone from the system once they had left the authority. The Head of ICT Services advised that as soon as IT are notified that someone has left their passwords are removed immediately.