34
results found in
9 ms
Page 1
of 4
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Open Data Trend Report 2015
How to activate the open data policy The Dutch SAI looks for ways to improve open data practice in the Netherlands. They point at experience of two leading countries: UK and US, and advise to: prepare a concrete action plan, to increase number of mandatory published data, to develop government-wide data inventory and to put open data to work.
Full description
How to activate the open data policy The Dutch SAI looks for ways to improve open data practice in the Netherlands. They point at experience of two leading countries: UK and US, and advise to: prepare a concrete action plan, to increase number of mandatory published data, to develop government-wide data inventory and to put open data to work.
Full description
Netherlands Court of Audits
, issued in 2015
Risk cases: 4
Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 2
Whether Disclosure of the Public Sector Data Is Ensured
Strategy more important than declarations Why open data are so dificult to become reality? Lithuania possesses the elements required to disclose data but lacks a strategic approach. The report by SAI Lithuania reviews all critical elements of this problem. Most of them look like a pattern reproduced by other countries. And one important thing: the SAI Lithuania opened their own data - exactly on the day of publication of the audit report!
Full description
Strategy more important than declarations Why open data are so dificult to become reality? Lithuania possesses the elements required to disclose data but lacks a strategic approach. The report by SAI Lithuania reviews all critical elements of this problem. Most of them look like a pattern reproduced by other countries. And one important thing: the SAI Lithuania opened their own data - exactly on the day of publication of the audit report!
Full description
National Audit Office of the Republic of Lithuania
, issued in 2016
Risk cases: 9
The Swedish Transport Administrations support to research and innovation
Robust internal control required to manage innovations The Swedish agency dealing with transport innovations did not use sufficient control over its research funds, shows the audit of the Swedish National Audit Office. The deficiencies include risk analysis, administrative procedures and management of taxpayers' money.
Full description
Robust internal control required to manage innovations The Swedish agency dealing with transport innovations did not use sufficient control over its research funds, shows the audit of the Swedish National Audit Office. The deficiencies include risk analysis, administrative procedures and management of taxpayers' money.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 3
Staff scheduling in government institutions
Scheduling irregular hours work Danish Rigsrevisionen shows in their study problems with staff scheduling in government institutions where employees are required to work irregular hours. Optimized staff scheduling contributed to reducing payroll costs. On the other hand, problems with rearrangement of work, recording working hours, optimisation of staffing levels and analysis of overtime triggers - add up to high costs of workforce. IT is not always used as ally either.
Full description
Scheduling irregular hours work Danish Rigsrevisionen shows in their study problems with staff scheduling in government institutions where employees are required to work irregular hours. Optimized staff scheduling contributed to reducing payroll costs. On the other hand, problems with rearrangement of work, recording working hours, optimisation of staffing levels and analysis of overtime triggers - add up to high costs of workforce. IT is not always used as ally either.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 5
Business Continuity Management
Business Continuity Management is a process whereby all necessary measures are taken to ensure that a company can accomplish its core tasks on time even in extraordinary situations. The Swiss Federal ... Audit Office (SFAO) previously carried out a cross-section audit in 2009 on the BCM measures at nine administrative units of the central Federal Administration. This year’s audit focused ... on the decentralised Federal Administration as well as the Swiss Federal Railways (rail transport and ticket sales) and Swiss Post (PostFinance, Swiss Post Solutions, PostBus). ... ... A cross-section audit on business continuity management (BCM) ... The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.
Full description
Business Continuity Management is a process whereby all necessary measures are taken to ensure that a company can accomplish its core tasks on time even in extraordinary situations. The Swiss Federal ... Audit Office (SFAO) previously carried out a cross-section audit in 2009 on the BCM measures at nine administrative units of the central Federal Administration. This year’s audit focused ... on the decentralised Federal Administration as well as the Swiss Federal Railways (rail transport and ticket sales) and Swiss Post (PostFinance, Swiss Post Solutions, PostBus). ... ... A cross-section audit on business continuity management (BCM) ... The audit points, among others, at a necessary but difficult process chain: Policy - Analysis - Strategy - Planning - Training.
Full description
Swiss Federal Audit Office
, issued in 2010
Risk cases: 1
Opportunities Exist for FAA to Improve Airport Terminal Area Safety Efforts
Inefficient use of data The US GAO examined various issues related to runway safety and to update its prior work on airport terminal areas. Their findings point at inefficient use of data, which may lead to more risk and to inefficient targeting their limited resources.
Full description
Inefficient use of data The US GAO examined various issues related to runway safety and to update its prior work on airport terminal areas. Their findings point at inefficient use of data, which may lead to more risk and to inefficient targeting their limited resources.
Full description
US Government Accountability Office
, issued in 2019
Risk cases: 3
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
The Australian National Audit Office
, issued in 2003
Risk cases: 3