Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector. ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently
Full description

State funds spent on development, operation and using of data centres services
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description

Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description

Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description

Use of European Union funds in promoting information society
The National Audit Office audited the use of the aid allocated from the structural funds of the European Union (hereinafter EU aid) in the information technology (IT) area of the state. The National ... Audit Office checked whether the distribution of funds for the development of the information society has been balanced and transparent, and whether the distribution of aid is adequately supervised ... . Balanced distribution of aid means that development of the information society entails paying attention (and ideally providing proportional funding) to information systems aimed at the public sector, private ... Riigikontroll auditeeris Euroopa Liidu struktuurifondidest ehk tõukefondidest eraldatud toetuste (edaspidi ELi toetusraha) kasutamist riigi infotehnoloogia (IT) valdkonnas. Uuriti, kas raha jagamine ... infoühiskonna arendamise eesmärgil on olnud tasakaalustatud ja läbipaistev ning kas toetuste jagamise üle tehakse piisavat järelevalvet. Riigikontrolli hinnangul on riik infoühiskonna arengukava rakendamiseks ... toetuste jagamisel keskendunud liiga riigile suunatud IT-arenduste rahastamisele ning jätnud tagaplaanile ettevõtete konkurentsivõime parandamisele ja kolmandale sektorile suunatud IT arendusprojektide ... Balance needed for success of Information Society Development Plan ... 50% of aid has been granted primarily for the development of information systems of state agencies, i.e. as much as the other two target groups - business and citizens - put together. Information ... , true suppervision and measurement of progress are listed by the Estonian SAI as next key elements necessary to keep balanced development of strategy for Information Society.
Full description

Conflicts of interest
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description

Management of State Information Resources
The objective of the audit was to assess effectiveness of the management of the state information resources and of the use of their possibilities: suitability of the chosen state resources management ... model; rationality of the use of the State Budget funds when managing information resources; use of the possibilities of the state information resources to improve the performance of the public sector ... . Audit procedures were performed in all major institutions which form and implement the policy of information resources: Ministry of Transport and Communications, Ministry of the Interior, Ministry ... Well targeted requirements, interconnected information resources and broad use - why so difficult to be gained? ... The leading idea of the 'Approach to Management of State Information Resources' programme was to entrench a comprehensive management of data resources. After five years preparations, the desired ... momentum was still not the case. SAI Lithuania analysed roots of the problems: concept, poor use of funds, lack of interconnections, unsatified users.
Full description

Centralisation of support services of state authorities
Most goals of centralisation of support services were achived Centralisation of support services of state authorities has generally been successful, the quality of accounting has improved, and accounting has become more effective. The objective of saving on costs was not achieved. It would be beneficial to analyse the implementation of a similar model in local governments, i.e. concentrating the accounting services to central units in order to improve the quality of accounting and make work more effective. It would allow saving working time on doing routine accounting procedures and use this time more for financial management, which helps to use public funds better and more expediently.
Full description

The protection of research data at the Danish universities
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description

Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description