COI Report – Part VII
Page
351 of
425 1016. Leong Seng testified that a) Since April 2018, IHiS has setup a centralised audit liaison team to pool all audit issues from all audit reports from all Clusters. The reports are maintained in a shared platform with all audit issues being tracked. The GIA has access to this shared platform so that everyone is looking atone common list of audit issues. There will be a service management team (inside the Delivery Group) to handle audit management and be the single point to do the overall tracking of the response to the audit issues. b)
For specific audit findings, the Infrastructure team of the respective Cluster to which the finding related would come up with a remediation plan and deadline. That team has to execute the plan accordingly. The other Cluster Infrastructure teams (in respect of which the audit finding was not specifically made) would plan measures as well if the finding is relevant to their Cluster. c) The Infrastructure Services group is organised in a matrix manner, with a horizontal
Cluster Infrastructure Lead, and vertical Tower Leads for specific domain competency areas of system management,
security management, end-user and network. The Tower Lead would ensure that issues surfaced by an audit on anyone Cluster is propagated to the other Clusters. The Tower Lead would ensure harmonisation and standardisation of the way the Clusters remediated and put in place measures. A similar structure applied to the Applications group. The Tower Leads would drive the efforts to remediate issues within their respective competency areas in a standardised manner, but the specific remediation plans and plan timings would be planned by the horizontal Cluster Leads.
1017.
At senior management level, based on Benedict’s evidence, there appeared to be processes in place for surfacing audit findings and escalating problems with remediation. We note that in the case of the GIA’s
FY audit on 
