Summary of internal audit results
Based on the controls identified and tested, we have determined that there is reasonable evidence to indicate that:
| Report Classification | ||||||
|---|---|---|---|---|---|---|
| # | Objective | Optimally Controlled |
Managed | Some Improvement Opportunity |
Major Improvement Opportunity |
Unacceptable Risk Exposure |
| 1 | Resource allocation, and Safety program (including physical factors, safety apparatus and building floor plans) related decisions consider safety hazards and security needs |
x | ||||
| 2 | Security/safety incident monitoring occurs periodically including logging, defined categorization of incidents (e.g. by location), and reporting processes to facilitate timely and appropriate updates to Safety programs |
x | ||||
| 3 | Regular and relevant capacity building/training/awareness provided to exposed positions for responding to safety/security related concerns or priorities |
x | ||||
We identified areas where internal control weakness exists. One was noted as a significant control deficiency. If implemented, our recommendations would serve to provide a more consistent and solid security posture, clarity of responsibility, related framework and service provider governance.
Management has provided comprehensive action plans, which we believe will address the deficiencies noted. Below we provide a summary of the findings noted as part of our work: