Summary
In 2008 we recommended that the Ministry of Service Alberta, in conjunction with all ministries and through CIO Council, develop and promote:
- a comprehensive IT control framework and guidance for implementing it
- well-designed and effective IT control processes and activities
An IT control framework is a set of policies, processes, standards and controls that help an organization identify risks to its IT strategy and then help eliminate or reduce those risks to an acceptable level. We assessed Service Alberta’s progress to implement this recommendation in 2010 and 2012 and found that, although its progress continued, the department was not ready for a final assessment. In October 2012 Service Alberta reiterated its commitment to finish implementing this recommendation. We conducted our follow-up audit in June and July 2013.
Conclusion
Information technology control framework—implemented