by Lavina Chu
I spent my co-op term as an IT and business compliance analyst working with the IT Audit and Compliance team within the ITS department at the Toronto Transit Commission.
To ensure the City of Toronto acts responsibly and remains transparent to the taxpayers they serve, accountability offices such as the Auditor General’s office and internal audit teams conduct reviews of the various City Agencies and Corporations. The Auditor General’s office periodically releases audit reports detailing the findings and recommendations for the better management of the Agencies and Corporations. As a City Agency, these audit reports may include findings relevant to the TTC, or specifically to the TTC's ITS department.
One of my duties as part of the IT Audit and Compliance team was to summarize and provide updates to senior IT management regarding the audit reports relevant to the TTC ITS department. My team and I assisted senior IT management in responding to the AG’s Office’s findings by creating action plans to address the areas for improvement. To ensure that TTC ITS would be on track to meet the AG’s Office recommendations, my team and I would conduct follow-up audits to track the improvement progress.
In preparing for future assessments by the AG’s Office, my team and I would preform internal audits for the continual improvement of business processes based on industry standards. We conducted audits to determine the effectiveness, efficiency and the responsible use of public funds for all TTC IT-related projects and service management processes.
I became familiar with the industry standards outlined by the IT Infrastructure Library (called ITIL) and the Control Objectives for Information and Related Technologies (called COBIT). I adapted these private sector frameworks to fit needs of a public service agency. I analysed TTC’s IT service management processes against the ITIL and COBIT standards and identified areas for improvement. This included the analysis of policy and procedure documentation for the different business processes and building Excel spreadsheets to analyse raw data extracted from our tracked SLAs. My assessment findings were used to improve the IT service delivery of the business processes in our department.
My team and I would then present these results and recommendations to senior IT management and the CIO.
I had experience working in various IT operations roles from my previous work and joining the audit and compliance team at the TTC gave me an opportunity to look at the work the organization does from a level beyond that of the day to day business. I had the opportunity to conduct IT audits and improve my skills relating to research, data sampling and analysis, and using clear audit language when writing assessment reports. I am very grateful to my knowledgeable co-workers and team members for their mentorship and guidance, and of course very thankful to the University of Waterloo for providing this co-op opportunity.