POL00089779
POL00089779
ICL Internal Audit Plan : 2000 Refi IA/PLA/oo3
Version: 13
Pothway Date: 05/07/00
Document Title: Internal Audit Plan : 2000
Document Type: Plan
Abstract: This document provides details of the ICL Pathway
Internal Audit Plan for 2000.
Status: Issue
Distribution: Martyn Bennett (IAC) Mike Stares
(IAC)
Tony Oppenheim Steve Muchow
Liam Foley John Dicks
Mike Coombs (IAC) Terry Austin
John Hobson Jim Flynn
David Groom Warren Spencer
(IAC) Internal Audit Committee members.
Library
Author: Lorraine Vaughan
Comments to: Lorraine Vaughan
Comments by:
COMMERCIAL IN CONFIDENCE Page 1 of 1
© 2000 ICL Pathway Ltd
POL00089779
POL00089779
ICL Internal Audit Plan : 2000 Refi IA/PLA/oo3
Version: 13
Pothway Date: 05/07/00
O Document controt
0.1 Document history
Version I Date Reason
o1 10/12/99 _ I Initial draft
0.2 18/01/00 I Preliminary Plan plus manday estimates
1.0 28/01/00 I Raised to Issue status - minus manday estimates
1 03/05/00 I Quarterly update and plan revision for Q2 audits
1.2 01/06/00 I Includes restructuring to Q2 & Q3 planned audits
13 05/07/00 I Updated status of audits
0.2 Approvel authorities (Internal Audit Committee)
Name Position Signature Date
M. Bennett Director Quality & Risk
M. Stares Managing Director
M. Coombs Programme Director
0.3 Associated documenty
Reference Vers I Date Title Source
fa] CR/FSP/006 Audit Trail Functional Specification Pathway
{2] IA/MAN/004 Horizon System Audit Manual (CSR) Pathway
[3] I IA/MAN/oe2 Pathway Internal Audit Manual Pathway
003
COMMERCIAL IN CONFIDENCE Page 2 of u
POL00089779
POL00089779
ICL Internal Audit Plan : 2000 Refi IA/PLA/oo3
Version: 13
Pothway Date: 05/07/00
0.4 Table of content
UMtrOMUCTION .....ccesesscesseeseeeseesesseeseesseesecsseeseesssssessucsseessssuessecsussseesessessessssseeseseseeses
QSCOPE ooeseececesesesesessesescsessescsescssssescscseessseseseseesssssescseeneessssssssueacscstessseseseeeeesseseeeeneneecee
ZAudit Plan Content.........cccccecsecssecsesssessesseessesseessesseeseesssssecsssseessssneesecsesssesseesseeseess
4Maintaining the Plan..
5Audit Plan Rationale...
5.1Implementation 1Week Plan.
5.2Horizon System HelpDesk .
Una PB
5.3Technical Integration
5.4Quality & Risk Management ...........sccssecesssecsesseesseesessseeseessesseeseessesseesseeseenee
wu
5.5Customer Services Management Processes ........:.sscssseesessesesseesssesesseseeenenes
aw
5.6Resource Management/Personnel ..........scessecssessesseeseesseeseessesseesesseeseessenseess
a
5.7Commercial & FinanCial ...... ccc eeseeessesessesseseesessesesseesssesesseenseneees
5.8CSR to CSR+ Migration .......cccccscesecsesessesesseessseessssesesseesssneseeseesssnssessesneseenes
5.QData Centres... .ccccccsscseeseseeseesssessersecsesessescecscsvsseseseseessacseeeerseasessnesesenenees
5 VOSS... eeeececssesesseesscsesesseneseseeeeseneeeseeneeeseassnsueeseesesesueacseseeneasaeeseeesasenensneeseneeeee
a
5.12Supplier Management
Yuu aa
5.13Business Development/Customer Requirement.........csceeeseeseeseeseeeseess
5.-gEvent Management..........c.ccssessessesecseesessesesseesseesessesesseesssneseeseeessnesceneeeseeees
N
5.15Release Management .........secsecsssssesssesesseessessessvessesseesessecssessecsessnesarenseeneeses
5.16Joint Audit with POCL ....ccssssssesesssseseseessessseassseenssteseeneseateseaeeteaeeneeee 7
Internal Audit Plan : 2000.......cesscssseeseeseesseeseessseseeeseeseesessessssseesecsseeseeseessesessesses B
NI
COMMERCIAL IN CONFIDENCE Page 3 of 1
ICL
POL00089779
POL00089779
Internal Audit Plaw : 2000 Ref: IA/PLA/oo3
Version: 13
Pothway Date: 05/07/00
Introductiow
Schedule Ao3 and Requirement 697 establish a right of audit access to ICL
Pathway by POCL, their external auditors or other agents operating on their
behalf. This could entail ICL Pathway being subject to a continual programme
of audits by external organisations and the potential for disruption in normal
operations. Audits carried out by these organisations will have their own
objectives and any benefit to ICL Pathway would be secondary.
The Internal Audit function in ICL Pathway has been established to meet two
key objectives :
a. To provide the interface between ICL Pathway and POCL in the
implementation of the requirements of the Audit Trail Functional
Specification [1].
b. To work with POCL in Joint Audits as described in the Horizon System
Audit Manual (CSR) [2].
c To provide an independent audit capability within ICL Pathway, as a
service to management, and on which POCL Internal Audit can
potentially place their reliance.
The ICL Pathway Internal Audit function is described in the Internal Audit
Manual [3].
Scope
This document describes a series of planned audits to be executed during 2000
in support of the objectives identified above.
The document does not include any sponsor organised audit activity.
Audit Plaw Content
The Plan contains the following information :
a. Identification of audit subject Area/System/Department.
b. Shared Reporting Indicator (SRI). [Y = shared; N = internal]
c Planned start date.
d. Actual start date.
e. Completion date. (Defined as date Report issued).
f. Audit Report Reference
COMMERCIAL IN CONFIDENCE Page 4 of
POL00089779
POL00089779
ICL Internal Audit Plaw : 2000 Refi IA/PLA/oo3
Version: 1.3
Pothway Date: 05/07/00
4 Maintaining the Plaw
The Plan will be updated on a quarterly basis to reflect any changes brought
about by sponsor request and to firm up on dates left deliberately vague at the
beginning of the year.
The details of Actual Start, Completion Date and Report Reference will also be
added.
S Audit Plaw Rationale
S.L Implementotion 11Week Plaw
This is the 1 week review period preceding the re-commencement of NRO
(24/01/00) during which the organisation and processes of Implementation
were subject to a major internal review activity. The audit will provide an
independent assessment of the outcome of the review activity for the Pathway
management team.
Basis : Risk.
5.2 Horizow System HelpDesk
This area has not been subject to any previous audit. Will include site security
audit.
Basis : ISO Coverage/Supplier Mgt/VFM/Risk/Security
5.3 Technical Integration
This area was not audited during the CSR+ Development audit. The Systems
Director has requested that this area be looked at. Full E2E activity to be
considered including live support.
Basis : Business Effectiveness.
5.4 Quality & RUk Management
This area has not been subject to any previous audit.
Basis : ISO Coverage
COMMERCIAL IN CONFIDENCE Page 5 of u
POL00089779
POL00089779
ICL Internal Audit Plaw : 2000 Ref; IA/PLA/o03
Version: 1.3
Pothway Date: 05/07/00
5.5 Customer Services Management Processes
Earlier audits of CS have identified significant amounts of detailed procedure but not
higher level management processes, eg. escalation, management information,
performance measures, supplier management. This audit aims to identify and assess
process at this level.
Basis : ISO Coverage
5.6 Resource Management/ Personnel
Pathway consumes a considerable amount of resource and there is a mix of
permanent and contract staff. The audit will assess the degree to which the
selection, allocation and management of resource, particularly contract, is
managed in the best interests of Pathway and ICL. Personnel will also be
considered since they have not been subject to any previous audit.
Basis : ISO Coverage/Supplier Mgt/VFM
5.7 Commercial & Financial
This area has not been subject to any previous audit.
Basis : ISO Coverage
5.8 CSR to CSR+ Migration
This area is identified on all Delivery Manager's risk registers as high risk. The
audit will consider how this is being managed. It will consider all aspects of
migration, not just technical.
Basis : Risk
5.7 Data Centrey
These areas have not been subject to any previous audit. Will include site
security audit.
Basis : ISO Coverage/Supplier Mgt/VFM/Risk/Security
5.10 SSC
This is a particularly sensitive area of Customer Services with unprecedented
access to live systems for support purposes. Previous audits have identified
potential control weaknesses which management declare have been addressed.
COMMERCIAL IN CONFIDENCE Page 6 of 1
POL00089779
POL00089779
ICL Internal Audit Plaw : 2000 Ref; IA/PLA/o03
Version: 1.3
Pothway Date: 05/07/00
The audit will confirm the current arrangements and assess the strength of the
controls in place. Will include a site security audit.
Basis : ISO Coverage/Risk/Security
COMMERCIAL IN CONFIDENCE Page 7 of u
POL00089779
POL00089779
ICL Internal Audit Plaw : 2000 Ref; IA/PLA/o03
Version: 1.3
Pothway Date: 05/07/00
5.11 PFI := T&M
The nature of the contract has changed from PFI to T&M. The audit will
consider the readiness of Pathway’s procedures, management controls and
systems for this change.
Basis : Effectiveness/Risk
5.12 Supplier Management
This audit will draw together the findings of previous audits that have looked at
individual supplier situations.
Basis : ISO Coverage/Supplier Mgt/VFM/Effectiveness
5.13 Busineyy Development/Customer Requirementy
Neither of these areas have been subject to previous audit. In addition there is
the likelihood that new business opportunities will be emerging from the
customer in the near future. The audit will consider the state of readiness for
this and existing controls in place.
Basis : ISO Coverage/Effectiveness
5.14 Event Management
It is by no means clear that an effective regime for the identification, selection,
monitoring and review of events exists.
Basis : Effectiveness
5.15 Release Management
During 1999 a new core business process, Release Management, was defined
for Pathway. The audit will consider the deployment of this process and
whether any benefit is accruing from its implementation.
Basis : Effectiveness
5.16 Joint Audit with POCL
POCL Internal Audit have notified us of their intention to review the process of
extracting transaction based information from the Data WareHouse for use in
Invoicing. This they plan to do in September 2000. This work will be conducted
COMMERCIAL IN CONFIDENCE Page 8 of
POL00089779
POL00089779
ICL Internal Audit Plaw : 2000 Ref; IA/PLA/o03
Version: 1.3
Pothway Date: 05/07/00
under the Joint Working Framework, described in the Internal Audit Manual
and agreed with POCL as part of Acceptance.
COMMERCIAL IN CONFIDENCE Page 9 of
ICL
Pothwoy
Internal Audit Plaw : 2000
Ref:
Version:
Date:
IA/PLA/o03
13
05/07/00
POL00089779
POL00089779
6 Internal Audit Plaw : 2000
Start Start
Implementation u Week Plan N_ I January 12/01/00 15/02/00 I IA/REP/o19 N/A
3/45, Planning Process (Programme Office) N_ I January 13/01/00 ui/o2/oo I IA/REP/o20 TA/CAP/o10
3/4/16 Horizon System HelpDesk N_ I February 16/02/00 I 28/04/00 I IA/REP/o22 TA/CAP/014
3/4/13 Technical Integration N_ I February 02/02/00 I 31/03/00 I IA/REP/o21 TA/CAP/on
3/4h7 Quality & Risk Management N_ I March 16/02/00 I 12/04/00 I IA/REP/o23 I IA/CAP/o12
3/4/18 Customer Services Management Processes N_ I March 03/04/00 I 20/04/00 I IA/REP/o25, TA/CAP/o13
3/4/19 Resource Mgt/Personnel (Includes Supp Mgt for Resources) N_ I May 06/06/00 I 09/06/00 I IA/REP/027 IA/CAP/016
3/4/22 CSR+ Migration N June 19/06/00 TA/REP/o16 IA/CAP/o13
3/4/27 Data Centres N I July 10/07/00 IA/REP/o26
3/4/14 Invoicing Process N I July
3/4/20 ssc N_ I August
3/4/24 Supplier Management N_ I August
3/4/26 Operations Services (Includes Supplier Management for OSD) N I tba.
3/4/28 Invoicing/Data WareHouse [POCL Initiated] Y I September
3/4/23 Business Development/Customer Requirements N IQ4
3/4/24 Event Management N I Q4
3/4/25 Release Management N I Q4
COMMERCIAL IN CONFIDENCE
Page 10 of
ICL
Pothwoy
Internal Audit Plaw : 2000
Ref:
Version:
Date:
IA/PLA/o03
13
05/07/00
POL00089779
POL00089779
COMMERCIAL IN CONFIDENCE
Page u of n