Overview
Internal Audit selected a sample of two (2) of the eight (8) downtown properties and conducted site visits. The eight (8) downtown properties are listed as follows:
1. | 350 City Hall Square* | 5. | Windsor Museum and Art Gallery* |
2. | 400 City Hall Square* | 6. | Windsor Water World |
3. | The Windsor International Aquatic and Training Centre* | 7. | Pelissier Parking Garage |
4. | The Windsor International Transit Terminal* | 8. | Goyeau Parking Garage |
* These represent the five (5) sites for which an external security consulting firm has been retained to conduct security threat/vulnerability/risk assessments (TRVA).
During our visits, we inquired about and observed safety programs available for employees including safety/security related tools and systems that were in place. This included information related to external lighting, alarm system, access mechanisms, inspection system, monitoring by security guard, maintaining visitor logs, availability of emergency manuals, training and support provided to employees, incident reporting and management, security camera installation, etc.
To illustrate how joint/functional responsibility for managing corporate security risks we can summarize management’s activities into three (3) categories 1) managing the physical infrastructure 2) managing workplace health and safety and 3) managing contracted services.
The following comments are relevant to these three (3) managed services:
-
Physical infrastructure and workplace / occupational health and safety services are governed by the relevant legislative framework, policies, procedures and training content necessary for operationalizing security or safety programs and plans.
-
For contracted services, the contracts and relationships are the basis for assessing/managing the corporate security risks and supplemental documents (ie. security guard post orders) provide more site specific guidance.
-
Some controls are not being performed in a coordinated manner among the managed service groups. The recommendations in this report aim to improve the coordination and interaction thereof. The City may establish protocols for joint ownership of overlapping/common security policies and controls and improve interaction with health and safety teams.
The table on the following page specifies the department or function responsible for each of the managed service categories until a central owner for managing corporate security risks is defined.