
Why This Audit Matters Since Toronto’s amalgamation in 1998, City divisions have used various work management systems. These systems mostly operate separately from each other and are difficult to upgrade as approaching their end of life. The Enterprise Work Management Solution (EWMS) program was initiated in 2013 to improve the work management process across the […]
The purpose of this report is to: Communicate to Audit Committee and City Council that the Auditor General has commenced a review of a Toronto Fire Services’ critical system; and Recommend that the Chief Technology Officer continue expediting the Auditor General’s prior cybersecurity-related audit recommendations, so the City is ready to prevent, detect and respond […]
Over the past decade, the City of Toronto, like other large organizations, is increasingly conducting business and key operations online in a networked environment. This makes operations more efficient and citizens are served better. The purpose of this report is to communicate security incidents that occurred at a City division and a City organization and […]

Why This Review Matters In early 2020, Auditor General became aware of a security incident in the City’s HR system through a Fraud Hotline complaint. The HR system collects and stores significant information relating to users, such as employees and elected officials. Given the importance of information privacy and cybersecurity, the Auditor General immediately initiated […]
Over the past decade, the City of Toronto, like other large organizations, is increasingly conducting business and key operations online and in a networked environment. This makes operations more efficient and citizens are served better. The City stores a vast amount of confidential and sensitive data, such as information about employees and citizens’ personal records. […]
In our report entitled “Audit of Information Technology Vulnerability and Penetration Testing – Phase 1: External Penetration Testing” we highlighted to the City management that insufficient preparation to manage cyber threats is widely considered as one of the most critical operational risks facing the organizations. The City, as well as its agencies and corporations are […]
The Auditor General completed an audit of the management of telecommunication service contracts and payments at the TTC in May 2018. The audit report entitled “Toronto Transit Commission: Managing Telecommunication Contracts and Payments” was tabled at the TTC’s May 29, 2018, Audit & Risk Management Committee. The report is included as Attachment 2 to this […]
The City spends a significant amount of money on managing information technology. The I&T Division’s 2018 Operating budget is $130.4 million and its 10 year Capital Plan is $421 million. The purpose of this audit was to review how technology expenditures are carried out to improve City operations. By The Numbers $5.5 million spent on […]
Why This Audit Matters The Information & Technology Division has prepared an IT Portfolio Integrated Plan for achieving the eCity goals, which were established in 2012. The purpose of this plan was to improve online service delivery and to update the City’s overall IT environment to ensure it is aligned with the City’s IT vision. […]