Документ взят из кэша поисковой машины. Адрес оригинального документа : http://star.arm.ac.uk/~jgd/outgoing/Armagh_CU/WORD/Management_Information.doc
Дата изменения: Fri Dec 18 12:10:29 2015
Дата индексирования: Sun Apr 10 11:48:31 2016
Кодировка:
Поисковые слова: р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п р п

Management Information Policy

This policy was adopted by the Board of Directors of Armagh Credit Union
Limited.

Signed:-

Position ________________

Position ________________

Date:

Purpose
This Management Information Policy addresses the need for accurate and
complete information to enable the board of directors and the management
team to direct, control and manage the credit union's business effectively
and efficiently and to make informed strategic and operational decisions.
Other related policies are:

Information Security Policy
Internet Policy
Business Continuity Policy
Data Protection

Introduction
Management information required to enable the board of directors and the
management team to direct, control and manage the credit union's business
effectively and efficiently and to make informed strategic and operational
decisions shall be produced on a regular basis, but at least monthly.

The board of directors shall assess and review the information systems that
produce management information on a regular basis, at least annually, to
ensure that the information produced is accurate, reliable, consistent, and
timely and that the management information meets all legal and regulatory
requirements and guidance.

Policy
The credit union shall ensure that its information systems produce
management information and other reports that are accurate, reliable,
consistent, and timely so as to enable the board of directors and
management team to:

direct, control and manage the credit union's business efficiently and
effectively,
make informed strategic and operational decisions, and
provide accurate information to regulatory and legal bodies on a timely
basis, as and when required.
'Information systems', in relation to the business of the credit union,
means all the technical and non-technical methods of establishing,
implementing, documenting and maintaining data and information within the
credit union.

Reporting
Management information covers the following reporting at a minimum:

|Report |Frequency |Distribution | |
|Reports on the Financial Position of the Credit|Monthly |Board of | |
|Union | |Directors | |
|Past performance, trends, projections of the |Quarterly |Board of | |
|financial position of the Credit Union | |Directors | |
|Strategies proposed by the Manager |Quarterly |Board of | |
| | |Directors | |
|Updates on the performance of the credit union |Quarterly |Board of | |
|against projections targets and criteria set | |Directors | |
|out in the strategic plan | | | |
|Membership and accounts of the Credit Union |Monthly |Board of | |
| | |Directors | |
|Reports on the activities of each board |Monthly |Board of | |
|committee | |Directors | |
|Reports on the test results of the Business |Annually |Board of | |
|Continuity Plan | |Directors | |
|Reports of the Credit Committee |Monthly |Board of | |
| | |Directors | |
|Reports of the Credit Control Committee |Monthly |Board of | |
| | |Directors | |
|Reports of the Membership Committee |Monthly |Board of | |
| | |Directors | |
|Reports from the Risk Management Committee |Quarterly |Board of | |
| | |Directors | |
|Reports from the Compliance Committee |Quarterly |Board of | |
| | |Directors | |
|Reports from the internal audit function |Monthly | | |
| | |Board of | |
| | |Directors | |
|Information Security Assessment Report |Annually |Board of | |
| | |Directors | |
|Incident Management Report |As |Board of | |
| |Required |Directors | |
|Change Management Log |Quarterly |Board of | |
| | |Directors | |
|Information Systems Assets Report |Annually |Board of | |
| | |Directors | |
| | | | |
| | | | |
| | | | |

Procedures
To ensure the reliability, consistency, timeliness, accessibility and
comprehensiveness of management information, appropriate quality control
measures shall be implemented. Examples of quality control measures are
the analysis of data to identify any missing or irregular data entries,
statistical summaries, and checking for data that are inconsistent with
other similar data.
For the independent assurance that information systems produce accurate
management information, appropriate quality assurance and audit procedures
shall be implemented. Quality assurance and audits use the information
from quality control to analyse how and where anomalies in information
arise and help to define the actions to resolve any issues.
For the secure storage, back-up, transmission and disposal of management
information in line with all legal and regulatory requirements and
guidance, including data protection requirements and guidance, an
appropriate backup and recovery strategy shall be adopted and implemented.
The backup strategy must include regular backups and storage at a suitable
off-site storage location. This will facilitate retrieval of data
following minor operational failures as well as total and complete
disasters. The backup and recovery of IT systems shall be monitored and
tested to ensure that when they are required as a result of a major
incident, they will operate as needed. Monitoring and testing procedures
and protocols shall be defined in the Credit Union Business Continuity
Plan. As well as electronic data, all other important information and
documents shall be stored off-site. Retention durations of backups and non-
electronic information shall be based upon any legal and regulatory
requirements. Appropriate measures shall be put in place to dispose of
information, either electronic or non-electronic, after defined retention
periods have lapsed.
To ensure compliance with legislative and regulatory requirements including
data protection legislation, the Credit Union as a data controller shall
ensure that in respect of personal data kept on file, that it complies with
the Data Protection Act to the extent that the data is obtained and
processed fairly, that it is accurate and up to date, only used and kept
for lawful purposes, is not used or disclosed in any manner incompatible
with lawful purposes, and that it is not kept for longer than is necessary.

Error Logging and control
There shall be systems and procedures in place to identify any errors in
management information. Errors shall be logged and appropriate corrective
actions designed and implemented. Where appropriate, procedures shall be
updated accordingly to ensure that errors do not re-occur.

Policy Review
This policy is formally reviewed on an annual basis.