28
results found in
9 ms
Page 1
of 3
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
Parallel Audit on Biometric Passports - Overall Results (anonymised)
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found
Full description
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 4
The Board of Audit and Inspection (BAI) conducted an audit on the information systems in the area of service delivery to improve the system’s efficiency and convenience.
Korea was recognized as an Information Technology (IT) powerhouse by the international community of the UN in 2010. Such an achievement is attributable to the significant investments that the Korean ... government has commissioned toward improving the country’s information infrastructure within a short period of time.<br/> The government is investing 1 trillion won every year in an e-government project ... for citizens in the welfare and employment sectors by utilizing the renewed information infrastructure.<br/> However, the information system of some government ministries proved to have overlapping functions ... Enormous IT investments require tremendous coordination ... Korean government is investing 1 trillion won in e-government projectsevery year. Thus, the country has earned a reputation for the IT powerhouse. Apart from undeniable advantages, the huge scale ... and the speed, the information technologies are implemented with, cause some problems to be tackled. The SAI Korea turns special atention to two of them: overlapping functionalities and interconnectivity issues.
Full description
Korea was recognized as an Information Technology (IT) powerhouse by the international community of the UN in 2010. Such an achievement is attributable to the significant investments that the Korean ... government has commissioned toward improving the country’s information infrastructure within a short period of time.<br/> The government is investing 1 trillion won every year in an e-government project ... for citizens in the welfare and employment sectors by utilizing the renewed information infrastructure.<br/> However, the information system of some government ministries proved to have overlapping functions ... Enormous IT investments require tremendous coordination ... Korean government is investing 1 trillion won in e-government projectsevery year. Thus, the country has earned a reputation for the IT powerhouse. Apart from undeniable advantages, the huge scale ... and the speed, the information technologies are implemented with, cause some problems to be tackled. The SAI Korea turns special atention to two of them: overlapping functionalities and interconnectivity issues.
Full description
Board of Audit and Inspection of Korea
, issued in 2011
Risk cases: 3
Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
General Accountability Office
, issued in 2012
Risk cases: 3
Performance measurement by regulators
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
National Audit Office
, issued in 2016
Risk cases: 2
Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
The Australian National Audit Office
, issued in 2003
Risk cases: 3
Conflicts of interest
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
National Audit Office
, issued in 2015
Risk cases: 8
Federal Agencies Need to Address Aging Legacy Systems
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
General Accountability Office
, issued in 2016
Risk cases: 3
Does the state administration effectively use the stored information?
State administration could use the accumulated information more effectively Latvian auditors found that government institutions have a good cooperation in the area of data use, but there are still several areas wherein a person still has to perform the function of a 'courier'. Many channels of data exchange and distribution used in state administration create a fragmented and complicated environment for maintenance of ICT, while responsible ministry does not become actively involved and does not coordinate cooperation of institutions.
Full description
State administration could use the accumulated information more effectively Latvian auditors found that government institutions have a good cooperation in the area of data use, but there are still several areas wherein a person still has to perform the function of a 'courier'. Many channels of data exchange and distribution used in state administration create a fragmented and complicated environment for maintenance of ICT, while responsible ministry does not become actively involved and does not coordinate cooperation of institutions.
Full description
State Audit Office of the Republic of Latvia
, issued in 2017
Risk cases: 4
Has Public Administration Used All Opportunities for Efficient Management of ICT Infrastructure?
Efficient Management of ICT Infrastructure Centralised management of ICT services and infrastructure would allow the institutions to optimise in long run their resources – financial, human, material and technical. However, we observed during the audit that the move towards ICT centralisation and single data centres has ceased. The different ministries and even the institutions subordinated to the same ministry do not cooperate sufficiently with each other regarding the ICT management, maintenance, and infrastructure placement. They rather choose to maintain their own, sometimes even several, data centres.
Full description
Efficient Management of ICT Infrastructure Centralised management of ICT services and infrastructure would allow the institutions to optimise in long run their resources – financial, human, material and technical. However, we observed during the audit that the move towards ICT centralisation and single data centres has ceased. The different ministries and even the institutions subordinated to the same ministry do not cooperate sufficiently with each other regarding the ICT management, maintenance, and infrastructure placement. They rather choose to maintain their own, sometimes even several, data centres.
Full description
State Audit Office of the Republic of Latvia
, issued in 2019
Risk cases: 3