TAMRMS#: B02
8.6
REQUEST FOR DECISION
title
Internal Audit Steering Committee Recommendation: Cyber Security Audit Recommendations - Implementation Budget
Presented by: Darija Slokar, Strategic Services and Joanne Graham, Information Technology
label
REQUESTED MOTION
recommendation
That $132,000 be funded from the Internal Audit Steering Committee budget to implement the Cybersecurity Audit Recommendations directed by the Internal Audit Steering Committee.
body
PURPOSE OF REPORT
The purpose of this report is to bring to Council a recommendation arising from the Internal Audit Steering Committee (IASC) Agenda item of the April 4, 2025 IASC meeting. Please find the link to the IASC Agenda Package from the April 4, 2025 meeting of IASC attached to this report for additional information.
ALIGNMENT TO COUNCIL DIRECTION OR MANDATORY STATUTORY PROVISION
BYLAW 24/2023 - Internal Audit Steering Committee Bylaw
6(g) recommend to Council the budget approval required to fulfill the mandate of the Committee
6(k) recommend to Council any actions deemed appropriate by the Committee in accordance with this Bylaw
7(b) send the report to Council with or without recommendations, including budgetary recommendations to implement recommendations from an audit
BACKGROUND AND DISCUSSION
On August 22, 2024, the Internal Audit Steering Committee (IASC) was presented with the Cyber Security Audit Final Report completed by Ion United.
After the conclusion of the presentation and subsequent discussion, the Committee passed the motion to direct Administration to prepare a detailed workplan to implement recommendations, along with resources and budget requirements.
The Implementation Workplan was presented on April 4, 2025, at which time the Committee directed Administration to prepare and present a budget request to Council to ensure recommended actions from the Cyber Security Audit can be completed by the end of 2025.
After assessing the IT department’s resource capacity, capabilities, and operating budget, an estimated $132,000 additional funding is required to implement the recommendations from the Cyber Security Audit.
STAKEHOLDER COMMUNICATIONS OR ENGAGEMENT
Internal stakeholders were engaged during the Cyber Security Audit to help inform the recommendations provided in the final report.
IMPACTS OF RECOMMENDATION(S)
Financial:
The IASC currently has $191,500 remaining in their approved budget.
Once the remaining invoices from the current Resource Planning Model Review are processed, the Committee will have $169,500.
Funding $132,000 from the Internal Audit Steering Committee Budget would leave $37,500 in the Committee's budget that would be carried forward for future audits or implementation of recommendations.
Starting in 2026, the Committee will have an $100,000 base budget annually, as approved by Council.
Compliance & Legal:
Recommendations from the Cyber Security include items that will help the City advance cybersecurity practices and processes.
Program or Service:
Cybersecurity services for the organization will be advanced as a result of the audit recommendations being implemented.
Organizational:
Most recommendations impact the Cybersecurity IT team and their workplan has been prioritized to ensure implementation of recommendations from the Cybersecurity audit.
Risks
Information Technology - implementing recommendations from the Cybersecurity audit mitigates the cybersecurity risk.
ALIGNMENT TO PRIORITIES IN COUNCIL’S STRATEGIC PLAN
Not Applicable
ALIGNMENT TO LEVELS OF SERVICE DELIVERY
IT Security and Risk Management - Includes disaster recovery, business continuity, security strategy and management, risk management and access and identity management. Provision of the service ensures that the organization understands and effectively handles cyber, technology and project risk.
body
Report Date: July 15, 2025
Committee: Internal Audit Steering Committee