14
results found in
10 ms
Page 1
of 2
Cyber Attacks: Securing Agencies’ICT Systems
agencies compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual (ISM). The audit also considered the overall ICT security ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
agencies compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual (ISM). The audit also considered the overall ICT security ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Working of Inland Container Depots and Container Freight Stations
NEW! Online report on audit of SAI India With this first digital audit report of the Comptroller and Auditor General of India, new chapter has been opened in our profession: the online form is primary versus printable pdf. Advantages: high level of readability, live responsive charts, easy browsing and search of what users find interesting. The reported performance audit concerned 'dry ports', or multimodal logistics centres, which play growing role in domestic and international trade. It shows how gaps in concept and lax attitude to internal control can result on capacities, speed of trade, and enviromental safety.
Full description
NEW! Online report on audit of SAI India With this first digital audit report of the Comptroller and Auditor General of India, new chapter has been opened in our profession: the online form is primary versus printable pdf. Advantages: high level of readability, live responsive charts, easy browsing and search of what users find interesting. The reported performance audit concerned 'dry ports', or multimodal logistics centres, which play growing role in domestic and international trade. It shows how gaps in concept and lax attitude to internal control can result on capacities, speed of trade, and enviromental safety.
Full description
Comptroller and Auditor General of India
, issued in 2017
Risk cases: 5
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Centralisation of support services of state authorities
Most goals of centralisation of support services were achived Centralisation of support services of state authorities has generally been successful, the quality of accounting has improved, and accounting has become more effective. The objective of saving on costs was not achieved. It would be beneficial to analyse the implementation of a similar model in local governments, i.e. concentrating the accounting services to central units in order to improve the quality of accounting and make work more effective. It would allow saving working time on doing routine accounting procedures and use this time more for financial management, which helps to use public funds better and more expediently.
Full description
Most goals of centralisation of support services were achived Centralisation of support services of state authorities has generally been successful, the quality of accounting has improved, and accounting has become more effective. The objective of saving on costs was not achieved. It would be beneficial to analyse the implementation of a similar model in local governments, i.e. concentrating the accounting services to central units in order to improve the quality of accounting and make work more effective. It would allow saving working time on doing routine accounting procedures and use this time more for financial management, which helps to use public funds better and more expediently.
Full description
National Audit Office of Estonia
, issued in 2018
Risk cases: 2
Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
The Australian National Audit Office
, issued in 2003
Risk cases: 3
Products sold on the European market: unravelling the system of CE marking
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
The Netherlands Court of Audit
, issued in 2017
Risk cases: 5
Performance measurement by regulators
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
National Audit Office
, issued in 2016
Risk cases: 2
Building and Implementing the Phoenix Pay System
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Office of theAuditor Generalof Canada
, issued in 2018
Risk cases: 3
Central government staff costs
Results of staff reductions The British NAO found that departments had significantly reduced numbers of their civil servants and of course salary costs at the same time. But they reduced staff numbers mainly by minimising recruitment, and the age profile of the civil service has changed. NAO pays a lot attention to what effect this has had on the future pipeline of talent and skills. It reminds also that the departments need long-term operating models to work efficiently with the staff reduced.
Full description
Results of staff reductions The British NAO found that departments had significantly reduced numbers of their civil servants and of course salary costs at the same time. But they reduced staff numbers mainly by minimising recruitment, and the age profile of the civil service has changed. NAO pays a lot attention to what effect this has had on the future pipeline of talent and skills. It reminds also that the departments need long-term operating models to work efficiently with the staff reduced.
Full description
National Audit Office
, issued in 2015
Risk cases: 5
Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
National Audit Office
, issued in 2011
Risk cases: 6