Appendix A - Audit Criteria
| Objective | Criteria |
|---|---|
| 1. Provide reasonable assurance that VAC has implemented an effective management control framework which includes accountability, roles, responsibilities and monitoring to mitigate information management risks | A. The Department has implemented an effective governance framework and has bodies in place to ensure sufficient oversight of Information Management risks and initiatives. |
| B. The Department has clearly defined and communicated roles and responsibilities relating to Information Management. | |
| C. The Department has a performance monitoring and reporting process in place to evaluate and report on Information Management activities. | |
| 2. Provide reasonable assurance that VAC has implemented effective operational and technical controls through the organization which includes recordkeeping methodologies and tools as well as awareness and training activities to mitigate risks related to Information Management. | A. Department provides employees with the necessary training, tools, resources and information to support them in discharging their Information Management responsibilities. |
| B. The Department has the appropriate tools and processes in place to support recordkeeping requirements throughout the information life cycle. |
* The audit team confirmed that all of the above criteria were met unless otherwise stated in this audit report.