Citizens Property Insurance Corporation April 2012 Meeting Reports: Audit Commitee, Information Systems Advisory Committee
Apr 11, 2012
Citizens Property Insurance Corporation’s (“Citizens”) Audit Committee, as well as its Information Systems Advisory Committee met recently. Following are summaries of each meeting:
Audit Committee names top five candidates for Internal Auditor
At its April 6, 2012 meeting, Citizens Audit Committee (“Committee”) reviewed the qualifications of five job applicants as top candidates for the position of Citizens’ Internal Auditor.
To view the meeting materials, click here.
Citizens’ Interim Chief Executive Officer Tom Grady will now negotiate with the candidates and return a recommendation to the Committee, which, in turn will make its own recommendation to the Citizens Board of Governors (“Board”). The Committee’s intent is to have a recommendation for the Board by April 25, 2012.
The top candidates are Robert Taft, Richard Carris, Joe Martins, John Harris, and Steven Davis.
With no further business before the Committee, the meeting was adjourned.
Citizens’ Information Systems Advisory Committee reviews systems updates, approves consent items
During its April 5, 2012 teleconference, Citizens’ Information Systems Advisory Committee (“ISAC”) heard summaries of three recent technology audits, as well as status updates on Citizens’ Long Term Data Center project and Guidewire/Core System implementation.
To view the agenda and meeting materials, click here.
The three audit summaries included the Financial Statement Audit Support-Application Controls Audit, the General Computer Controls Audit, and the Disaster Recovery Audit.
As a result of the January 2012 Financial Statement Audit Support-Application Controls Audit recommendations, Citizens’ Information Security Office will expand the Computer Account Management program and address concerns related to application and server security configurations, security monitoring processes, and privileged and terminated account processes.
The General Computer Controls Audit-also concluded in January 2012-found that this area needs improvement. It encompasses all of Citizens’ Information Technology (“IT”) policies and procedures specific to planning and organization, systems development lifestyle, customer support, operations, physical and logical security, and many other areas. The Audit’s overall rating was “Needs Improvement.”
Further, the General Computer Controls Audit reviewed four areas: Systems Development Life Metrics, Systems Development Project Costs, Change Coordinator Overrides, and Notification-Rated Change Tickets. All received a “Medium Rating.” It was noted that a management action plan for improvement of the current Change Management procedures will be developed.
The overall effectiveness rating of Citizens’ Disaster Recovery processes was “Needs Improvement.”
This audit reviewed four areas: disaster recovery testing, disaster recovery implementation risk, plan development, and tracking cost of disaster recovery program. Each category received a “Medium Rating.”
It was recommended that a disaster recovery cost center be established to track costs, that risk be evaluated annually relative to the cost of recoverability of processes, and that the disaster recovery costs be reported directly to executive and senior management periodically.
After the summary reports on the three audits concluded, ISAC members then heard an update on the Long-Term Data Center Facilities program from Robert Sellers, Citizens’ Vice President of IT Strategy and Architecture. The program is a Citizens’ initiative to consolidate its data center operations into a “purposed and protected” environment.
Mr. Sellers explained that the program has been running for several years from a strategy and development standpoint. He said he recently visited four different facilities and ranked and scored them as possible choices for the consolidation. The Jacksonville vendor with which Citizens will negotiate has already been selected.
He explained that the program has several phases, the first being the consolidation discussed above. The second phase is the overall program and project management that is driving the resources needed to perform the activities. The third phase is data center migration, he added. The actual move is anticipated to take place late in 2012.
The goal is to present this plan to Citizens’ Board in June 2012 for the final selection and contract approvals for the Data Center itself, he added.
Migration to the new facility will span the 2012 Hurricane Season. Should a storm occur during the transition, being able to deploy to Citizens’ Tampa Disaster Recovery Center in Tampa is part of the plan, Mr. Sellers noted.
The program involves the consolidation of five data centers into two. One in Jacksonville has already been decommissioned, and a second, also in Jacksonville, is close to being decommissioned, Mr. Sellers stated. A third data center in Tallahassee and a fourth in Jacksonville will be included in the consolidation. The fifth data center in Tampa used for disaster recovery will continue to be used for such until the migration is well underway and those facilities can be transferred elsewhere, he noted.
“The concern is that with both of these things, there are a lot of moving parts to this program and again, keeping our readiness in place for disaster recovery and to support catastrophic events are at the top of our priority list as we do this migration activity,” Mr. Sellers said.
Kelly Booten, Citizens’ Vice President of Enterprise Planning and Project Portfolio Management, gave a brief update on the Guidewire/Core System Implementation.
She said 80 percent of the work involved to define the high-level requirements has been completed for the inception phase. All contracts are finalized and in place; staffing was adjusted for an April 2 deadline; a communication plan has been implemented for underwriting, claims, consumer, agent services, and finance; enterprise risk management has completed its first round of assessment interviews and an internal audit was presented to the program governance team.
A summary of estimated Guidewire/Core System costs follows:
- Guidewire System — 15-year total expenditures: $47 million
- Project Staff Augmentation – 10-year total: $12 million
- Technical Infrastructure — production/development, testing/training: $20 million
- Software: $2.3 million
Ms. Booten said financial benefits are expected to accrue due to improved operational efficiencies from implementation of the Core System. Task durations or outsourced services due to improved processes and reduced labor are expected to cut costs, she said.
In other business, ISAC members voted to:
- Accept the ISAC’s existing charter, with no proposed changes
- Approve a $2 million one-year contract renewal with Computer Science Corporation , which will cover the required software and technical maintenance
- Approve contracts with EMC Value Added Resellers ($5.7 million); HP and HP Value Added Resellers ($500,000); Cisco and Cisco Value Added Resellers ($750,000); and Florida Department of Management Services ($970,000) for the purchase of hardware, software, and services required to provision systems that are at the end of their life and will not be relocated to the new facility.
With no other business before the ISAC, the meeting was adjourned.
Should you have any questions or comments, please contact Colodny Fass.
Click here to follow Colodny Fass on Twitter (@CFTLAWcom)
To unsubscribe from this newsletter, please send an email to Brooke Ellis at bellis@cftlaw.com.