49
results found in
13 ms
Page 1
of 5
FEMA Needs to Address Management Weaknesses to Improve Its Systems
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
General Accountability Office
, issued in 2016
Risk cases: 4
Electronic Health Records - VA Needs to Identify and Report Existing System Costs
Difficulties after 30 years of decentralized development The US Department of Veterans Affairs provides health care services to approximately 9 million veterans and their families. However, the IT system they use is more than 30 years old, is costly to maintain, and does not fully support exchanging health data. The US GAO, analyzed the system's modenization plans and found serious problems with definition and cost estimation.
Full description
Difficulties after 30 years of decentralized development The US Department of Veterans Affairs provides health care services to approximately 9 million veterans and their families. However, the IT system they use is more than 30 years old, is costly to maintain, and does not fully support exchanging health data. The US GAO, analyzed the system's modenization plans and found serious problems with definition and cost estimation.
Full description
US Government Accountability Office
, issued in 2019
Risk cases: 3
Cost-intensive data centres stood idle for years
Idle data centres As found by the German SAI, some of costly Federal data centres stood largely idle. The Ministry failed to adequately assess the project risks. The Ministry needs to avoid similar shortcomings in the proposed federal IT consolidation project.
Full description
Idle data centres As found by the German SAI, some of costly Federal data centres stood largely idle. The Ministry failed to adequately assess the project risks. The Ministry needs to avoid similar shortcomings in the proposed federal IT consolidation project.
Full description
Bundesrechnungshof
, issued in 2016
Risk cases: 1
Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
General Accountability Office
, issued in 2012
Risk cases: 3
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 2
Cyber Attacks: Securing Agencies’ICT Systems
Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... . In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Management and protection of assets in the field of the information-communication technologies at the ME SR
The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... the compliance with the generally binding legal regulations and the general statues in the field of the information-communication technologies (ICT) and the information systems of the public administration (ISPA ... ) with emphasis on the use of the information technology (IT) services provided by the third parties. The vast amount of irregularities was found, especially many cases of failure to comply with the standards ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... the compliance with the generally binding legal regulations and the general statues in the field of the information-communication technologies (ICT) and the information systems of the public administration (ISPA ... ) with emphasis on the use of the information technology (IT) services provided by the third parties. The vast amount of irregularities was found, especially many cases of failure to comply with the standards ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2012
Risk cases: 4
For the sake of security – intelligence sharing between the Police Authority and the Swedish Security Service
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Cooperation between Police and Security Service The Swedish NAO audited whether the Police Authority and the Swedish Security Service share intelligence effectively to prevent and combat violent extremism and terrorism. In this highly non-typical environment, some universal rules turned out to be still valid. We would like to emphasise role of : organizational patterns, information access rights and sincere feedback.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 3
Building and Implementing the Phoenix Pay System
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Office of theAuditor Generalof Canada
, issued in 2018
Risk cases: 3