RiR 2007:10 Government control of information security work within the public administration
Summary

Responsibility for the control and management of security of information within the Swedish public administration is apportioned among the Swedish Riksdag (parliament), the Swedish Government, the supervisory and support agencies appointed by the Government (the expert agencies) and the management of the individual agencies. The Swedish National Audit Office (SNAO) has chosen in this audit to focus on the Government's responsibility for making requirements of and following up the work of their agencies (the public administration) with respect to security of information, and for taking the initiative for measures aimed at improving the conditions for the work of the public administration within this area.

The audit has been carried out in the light of the problems that have emerged in the SNAO's audits of eleven public agencies' performance of their responsibilities for information security. An analysis of these problems is also presented in the audit report.

Have the agencies done enough?

The agencies are responsible for protecting their information assets. The conclusion reached by the SNAO, based on the eleven audits, is that on the basis of current standards the agencies are not working systematically on their internal management and control of information security. The SNAO's audits have revealed the following serious incidents in the agencies' operations:

- There are examples of agencies that have failed to avert virus attacks, as a result of which they have been unable to function, sometimes for days. The officials were without access to necessary information.
- Serious incidents have occurred when agencies have changed their IT systems or introduced new IT systems. Government services on the Internet that are important to society, to citizens and to businesses, were closed down for up to two weeks. Officials had difficulties in carrying out their duties in the new systems.
- Deficiencies in the protection of agencies' websites have led to unauthorised persons gaining access to integrity-sensitive information and also being able to change that information.

These incidents have been caused by, among other things, deficiencies in the work on information security done by the top management of the agencies concerned. The most important management problems are:

- Management are uncertain as to what their tasks are in the information security work and how those tasks should be carried out.
- Management do not request any clear documentation showing the kind of risks and threats that exist for the agency concerned. Management do not therefore have sufficient insight into what measures they should prioritise to protect the agency.
- Management's decisions regarding security measures are not complied with. Also, management do not follow up to ensure that the security fulfils management's requirements.
- Management do not make sure that they are informed that important measures such as continuity plans, reporting and handling of incidents have been carried out and are functioning as intended.
- Management underestimate the importance of staff training and information, including training of and information to other management personnel and boards.

Is the Government performing its responsibilities?

The SNAO deems the problems described above to be serious and that they imply a risk of significant negative consequences for government commitments such as electronic government and national emergency management.

As a result of the Government's investment in electronic government, growing numbers of agency services are becoming available on the Internet, agencies are joining together to create coordinated e-services, and there is a general increase in IT-based development work. In order for this reform of the public administration to succeed, citizens and businesses must have confidence in the e-services provided on the Internet. There is a risk of a lessening of confidence in the agencies' e-services if the information cannot be protected. It may be a case of unauthorised persons gaining access to sensitive information or changing data or in some other way acting so that the services cannot be used. If that happens, there is a considerable risk of the entire investment in e-government being jeopardised.

Deficiencies in information security can also affect national emergency management systems. Central government agencies have as a rule an important role to play in society's ability to forestall, prevent and manage emergencies. The agencies are therefore assumed to have a certain basic capability to enable them to fulfil their role and to help society cope with emergencies. This basic capability is dependent on how well designed the agency's information security is.

In the light of the above, the SNAO considers that the Government's control of information security is of great importance. The SNAO's overall assessment is that the Government has not followed up to ensure that the internal management and control of information security in the public administration is satisfactory. The Government has not taken sufficient initiative to improve the conditions for the administration's work on information security. These conditions are treated in the following.

Inexplicit requirements and mandate

The SNAO has established that the Government has taken measures with respect to the technical conditions for agencies' information security work, such as e-signatures, e-identification, secure Internet, etc. On the other hand, no measures have as yet been taken to support the agencies' internal management and control of information security.

The top management of the audited agencies have no clear understanding of what requirements and rules apply to their information security work, for example as regards management accountability and the agencies' risk analyses. In the SNAO's view, this may be due among other things to the fact that the statutes in this area do not provide complete and explicit guidance [1]. In 2001, the Government pledged an overhaul of the regulations in the area of information security. This overhaul has not yet been carried out. The SNAO takes the view that an overhaul of the regulations is urgently needed, particularly against the background of the investment in e-government.

The Government's strategy for information security provides no explicit guidance either. It is aimed at society as a whole and does not lay down specific requirements for the agencies.

In support of the public administration and in support of its work on managing the agencies, the Government has set up a number of expert agencies [3] with responsibility for various issues relating to information security. The Government has not however given the expert agencies a sufficiently explicit mandate, which has meant that they have had difficulties in giving the Government a complete picture of the information security problems at the agencies. An explicit mandate is also needed in order for the expert agencies to provide appropriate regulations detailing the Government's requirements for the agencies' work on information security.

The Government has not followed up the agencies' work on information security

The audit shows that over the past ten years the Government has been broadly aware of certain management problems in the sphere of information security, but the picture has been unclear with respect to central government agencies and the Government has been unable to present any complete picture of the problems affecting the public administration.

The Government has not required the central government agencies to report on the principal problems affecting information security. The Emergency Management Agency's annual assessment of the information security situation is an important source for the Government's assessment of information security work in society. The SNAO has established that the Government has not required the Emergency Management Agency to provide the information in a form that will allow the circumstances relating to central government agencies to be clearly distinguished from, for example, municipalities and county councils. At the same time, the Agency does not consider itself to have a mandate to exercise supervision of the agencies' information security work that the Agency considers is needed in order to give the Government a good foundation for its management of the public administration.

Management issues in the central government agencies have not been touched upon in the directives to the government investigations relating to information security issues.

Deficiencies in the Government's preparation of information security issues

According to the SNAO, the Government's organisation of the work done by the Government Offices on information security issues and the management of the expert agencies is together insufficient to handle the agencies' problems with their information security. No Government Office is explicitly responsible for carrying out an overall assessment of the agencies' internal management and control of information security.

The audit shows that as a result of the principles for apportioning responsibility and preparing issues within the Government Offices, strong signals are required (such as serious security incidents) for the Government Offices to become aware of deficiencies in individual agencies. Strong signals are also required in order to identify general problems in the public administration. No such signals have reached the Government, for example via the Emergency Management Agency's annual situation assessment, and the Government has not realized that there is a need to tackle problems in the agencies' information security work. The SNAO has also found that the eleven agency audits that have been carried out over a period of two years have also, evidently, given insufficiently strong signals for the Government to draw the conclusion that there is a general problem in the public administration.

The SNAO's recommendations

Recently, the Government has taken a number of measures designed to better enable the public administration, and society in general, to maintain effective information security. However, in the SNAO's view these measures are not sufficient to solve the problems that the agencies' top managements are having with the information security work. Therefore, the SNAO recommends that the Government take the following action to improve the internal management and control of information security in the public administration.

The Government should focus more clearly on information security issues

The SNAO's eleven audits of the agencies' information security work have not been understood by the Government as signalling a more general problem. The Government's investment in e-government also requires it to take action to focus on information security issues. The Ministry of Defence and the Ministry of Finance in particular should coordinate their work more closely in all issues concerning the agencies' information security.

Give the expert agencies an explicit mandate to follow up and report on the agencies' work on information security

The expert agencies have hitherto been unable to supply the Government with the information required to give it sufficient insight into the most serious problems affecting the agencies' work on their information security. The Government should therefore make plain the expert agencies' remit so that some are given an explicit mandate to follow up and report on the agencies' management and control of the information security work. In connection with this, the Government should define the purpose and aim of the annual situation assessments.

Give the agencies better conditions - set more explicit requirements for information security work

The agencies themselves are responsible for their own information security. The SNAO's audits have however shown that the agencies' management are unsure how to deal with information security issues. In the SNAO's view, this may be because they have not been given sufficiently explicit requirements from the Government.

In 2001, the Government pledged an overhaul of the regulations relating to information security. An enquiry into information security in 2005 resulted in proposals for an ordinance in the sphere of information security. The Government has still not carried out the overhaul of the regulations nor has it made any decision on the proposals produced by the enquiry. The SNAO takes the view that an overhaul of the regulations is urgently needed, particularly against the background of the investment in e-government.

The Government's strategy in the sphere of information security should be made plain in order to give the Government a better foundation for its management within the public administration and in order to provide the agencies with better information on the content of government policy. Since the Government has tasked the Emergency Management Agency with developing an action plan to implement the Government's strategy, in the SNAO's opinion the Government's remit should also include paying regard to the agencies' internal management and control of the information security work.

The Government should also include the agencies' information security work in the management by objectives and performance of the individual agencies. The requirements set for the individual agencies should be adapted to their particular circumstances.

[1] See separate analysis in Appendix 2.
[3] The Emergency Management Agency, the Security Service, the National Post and Telecom Agency, the National Defence Radio Establishment, the Administrative Development Agency (Verva), the Armed Forces, and the Defence Materiel Administration.
1 European Association of State Territorial Representatives 2 nd Observatory in Leuven, Belgium 22 October 2009 The Swedish model by Governor Sven Lindgren, Kalmar County, Sweden In Sweden the Government
More informationRole Profile. FCR - Call Handler /Radio Dispatcher
Role Description This describes the main areas of responsibility associated with this post along with the knowledge, skills and experience required of the post holder. In addition it describes the key
More informationIbstock plc. (the Company) Audit Committee - Terms of Reference
Ibstock plc (the Company) Audit Committee - Terms of Reference 1. PURPOSE 1.1 The role of the Audit Committee (the Committee) is to: monitor the integrity of the financial statements and related announcements
More informationqmbff1zj.zdg.docx Manage Work in Confined Spaces
Overview This national occupational standard focuses on planning, organising and managing work safely in including legislative roles and responsibilities, health and safety considerations and equipment
More informationJOB DESCRIPTION. Agenda for Change Band 8a equivalent
JOB DESCRIPTION JOB TITLE: GRADE: DEPARTMENT: LOCATION: RESPONSIBLE TO: Quality Manager Agenda for Change Band 8a equivalent Reference Services @ STH Guy s and St Thomas Hospital Service Delivery Manager
More informationOpinions of the National Audit Office
Opinions of the National Audit Office Interoperability in government ICT contracts There has been continuous growth in the role of ICT service contracts and software procurement and they will become increasingly
More informationAssociation of Secretaries General of Parliaments
UNION INTERPARLEMENTAIRE INTER-PARLIAMENTARY UNION Association of Secretaries General of Parliaments COMMUNICATION from Ms K. FLOSSING Secretary General of the Swedish Riksdag on Roadmap 2014: ongoing
More informationComparison of the Engagement Quality Review Requirements in Extant ISQC 1 1 and ISA 220 to Proposed ISQM 1 2 and Proposed ISQM 2 3
IAASB Main Agenda (December 2018) Agenda Item 4 E Comparison of the Engagement Quality Review Requirements in Extant ISQC 1 1 and ISA 220 to Proposed ISQM 1 2 and Proposed ISQM 2 3 Objective of this Agenda
More informationReport on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2015 Inspection of Paredes, Zaldívar, Burga & Asociados Sociedad Civil de (Headquartered
More informationManaging CDM in Network Rail Telecom
Issue 1 1 st January, 2016 Managing CDM in Network Rail Telecom Simon Atterwell Director - Network Rail Telecom AUTHORISATION Approved by: Neil Marsh Head of Safety & Sustainable Development Authorised
More informationReview of the Electronic Communications Regulatory Framework. Executive Summary 6: NRAs and BEREC
Review of the Electronic Communications Regulatory Framework Executive Summary 6: NRAs and BEREC 1. General context and objectives An efficient governance with modernised institutions is essential in order
More informationEXPLANATORY MEMORANDUM
EXPLANATORY MEMORANDUM NOTE: This explanatory memorandum gives an overview of the current rules and the relevant Commission decision-making practice. It also outlines the possible scope for amendments
More informationCorporate Governance and Assurance in NHS Lothian (Version 7-30 January 2017) 1. INTRODUCTION
1. INTRODUCTION Why has this document been prepared? This document has been prepared to help Board members, management and other employees understand how NHS Lothian s system of corporate governance, risk
More informationTHE SWEDISH CODE OF CORPORATE GOVERNANCE
THE SWEDISH CODE OF CORPORATE GOVERNANCE Applicable from 1 February 2010 --------------- III. RULES FOR CORPORATE GOVERNANCE 1 The shareholders meeting Shareholders influence in the company is exercised
More informationNamibian civil-military relations in the new millennium
Namibian civil-military relations in the new millennium Introduction Erastus I. Negonga Sound civil-military relations are pre-requisite to political control over the armed forces in a democratic society.
More informationBEST PRACTICES FOR AUDIT COMMITTEES
BEST PRACTICES FOR AUDIT COMMITTEES Introduction This document summarises key international best practices with respect to Audit Committees. In particular it presents the principles governing: the purpose
More informationReport on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2016 (Headquartered in Berlin, Federal Republic of Germany) Issued by the Public Company
More informationIssue: A proposal for a proactive and continuous programme of inbound secondments to the ICO to supplement our established workforce.
Meeting: Senior Leadership Team Date: 10 July 2017 Agenda Item: 5 Time: 10 minutes Proactive Internal Publication: Yes Publication: Yes Communications options: key messages / SLT extra / Blog / external
More informationPreparing an audit report for Limited Liability Partnerships (LLPs)
AUDIT AND ASSURANCE FACULTY HELPSHEET This helpsheet was last updated in July 2017 and is based on the relevant laws and regulations that apply as at 1 June 2017. Preparing an audit report for Limited
More informationDATA PROTECTION POLICY VERSION 1.0
VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...
More informationReport to the European Commission on the Application of Group Supervision under the Solvency II Directive
EIOPA 17-648 22 December 2017 Report to the European Commission on the Application of Group Supervision under the Solvency II Directive EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany -
More informationRisk Management and Corporate Governance in Local Government
Local Government Seminar: Addressing Risks through Public Enablement - A renewal of the Local Authority Engineer's role Risk Management and Corporate Governance in Local Government Brian Cassidy CENG,
More informationStatement on the Financial Conduct Authority s further investigative steps in relation to RBS GRG
Statement on the Financial Conduct Authority s further investigative steps in relation to RBS GRG July 2018 Executive Summary The mistreatment of small and medium-sized (SME) customers within RBS s Global
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More informationImproved participation in the planning process?
May 2003 Briefing Environmental Law Foundation Improved participation in the planning process? It is 15 months since the Government announced an overhaul of the land use planning system to tackle a regime
More informationTerms of Reference Audit Committee. Adyen N.V.
Terms of Reference Audit Committee Adyen N.V. 4 June 2018 Contents Contents... 2 Introduction... 2 1 Composition... 2 2 Duties and Powers... 2 3 Duties regarding the External Auditor... 4 4 Meetings...
More informationConwy County Borough Council Report by the Auditor General for Wales. Preliminary Corporate Assessment August 2010
Conwy County Borough Council Report by the Auditor General for Wales Preliminary Corporate Assessment August 2010 Many aspects of corporate arrangements now support improvement but the current uncertainty
More informationCase Report from Audit Firm Inspection Results
Case Report from Audit Firm Inspection Results July 2014 Certified Public Accountants and Auditing Oversight Board Table of Contents Expectations for Audit Firms... 1 Important Points for Users of this
More informationCITY OF PALO ALTO COUNCIL PROTOCOLS
CITY OF PALO ALTO COUNCIL PROTOCOLS All Council Members All members of the City Council, including those serving as Mayor and Vice Mayor, have equal votes. No Council Member has more power than any other
More informationStocktake of IT risk supervision practices
Stocktake of IT risk supervision practices IT supervision outside European banking supervision 1 Introduction Between December 2015 and July 2016 the ECB organised working visits with the prudential banking
More information