Appendix B: Background, Scope and Objectives

Background

The Security Incident Prevention and Mitigation audit is based on the risks identified through the 2019-2020 City of Windsor Internal Audit Risk Assessment and Plan approved by the Corporate Services Standing Committee on May 6, 2019. This was a value protection audit where the IA addressed risks including: Vandalism, Public Facilities, Terrorism, Training and development, and physical security of facilities.

Scope

The scope of this internal audit included an assessment of the controls in effect as of December 2019.

Internal audit objectives

The focus of this internal audit was to provide a current state assessment of the design and operating effectiveness of controls management has implemented to achieve the following objectives related to Staff Safety Incident Prevention and Mitigation managed by the City:

• Resource allocation, and Safety program (including physical factors, safety apparatus and building floor plans) related decisions considering safety hazards and security needs.

• Security/safety incident monitoring occurs periodically including logging, defined categorization of incidents (e.g. by location), and reporting processes to facilitate timely and appropriate updates to Safety programs.

• Regular and relevant capacity building/training/awareness provided to exposed positions for responding to safety/security related concerns or priorities.

Specific scope exclusions

Given the nature of the work and budgeted effort, the following elements are explicitly excluded from the scope of this internal audit:

• Emotional or verbal abuse unless threat of security to staff, logical security and access controls

• Developing/executing Business Continuity and Disaster Recovery Plans

• Investigations and reporting of incidents at an incident level

• Enterprise wide risk assessment process

• Nuclear Safety and Control Act (federal)

• Municipal Evacuation Plan

• Hazard Prevention and Mitigation

• Normal occupational hazards