84
results found in
12 ms
Page 1
of 9
Supply of food and medicinal products
Supply of food and medicinal products Deficiencies in emergency preparedness and weaknesses in governance are still found by the Swedish NAO in the system of safeguarding supply of food and medicinal products. The system is complex and NAO appreciates efforts made by responsible agencies. However, they found also insufficient clarity in division of responsibilities and weaknesses in coordinantion.
Full description
Supply of food and medicinal products Deficiencies in emergency preparedness and weaknesses in governance are still found by the Swedish NAO in the system of safeguarding supply of food and medicinal products. The system is complex and NAO appreciates efforts made by responsible agencies. However, they found also insufficient clarity in division of responsibilities and weaknesses in coordinantion.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 2
Does the state administration effectively use the stored information?
State administration could use the accumulated information more effectively Latvian auditors found that government institutions have a good cooperation in the area of data use, but there are still several areas wherein a person still has to perform the function of a 'courier'. Many channels of data exchange and distribution used in state administration create a fragmented and complicated environment for maintenance of ICT, while responsible ministry does not become actively involved and does not coordinate cooperation of institutions.
Full description
State administration could use the accumulated information more effectively Latvian auditors found that government institutions have a good cooperation in the area of data use, but there are still several areas wherein a person still has to perform the function of a 'courier'. Many channels of data exchange and distribution used in state administration create a fragmented and complicated environment for maintenance of ICT, while responsible ministry does not become actively involved and does not coordinate cooperation of institutions.
Full description
State Audit Office of the Republic of Latvia
, issued in 2017
Risk cases: 4
Auditing the National Rationing System
The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 4
FEMA Needs to Address Management Weaknesses to Improve Its Systems
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
General Accountability Office
, issued in 2016
Risk cases: 4
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
Protection against fraud in migration activities at missions abroad
Migration activities can be a subject to fraud The audit showed that reports on alleged fraud in migration activities at missions abroad increased continually between 2014 and 2017. Altogether about 60 alleged cases of fraud were reported during the period, including selling interview appointments, stolen visa stickers, issuing visas on false grounds and prohibited searches in case management systems. Missions abroad, the Ministry for Foreign Affairs and the Swedish Migration Board are all responsible for migration activities at missions abroad. The division of responsibility between them is sometimes unclear and difficult to assess. According to the Swedish NAO this leads to particular challenges in ensuring satisfactory and common protection against fraud at missions abroad. Ensuring protection is made even more difficult in that the missions abroad vary regarding in terms of size, case volume, case mix and risk exposure. In addition, for the missions abroad the internal control requirements are notsufficiently explicit.
Full description
Migration activities can be a subject to fraud The audit showed that reports on alleged fraud in migration activities at missions abroad increased continually between 2014 and 2017. Altogether about 60 alleged cases of fraud were reported during the period, including selling interview appointments, stolen visa stickers, issuing visas on false grounds and prohibited searches in case management systems. Missions abroad, the Ministry for Foreign Affairs and the Swedish Migration Board are all responsible for migration activities at missions abroad. The division of responsibility between them is sometimes unclear and difficult to assess. According to the Swedish NAO this leads to particular challenges in ensuring satisfactory and common protection against fraud at missions abroad. Ensuring protection is made even more difficult in that the missions abroad vary regarding in terms of size, case volume, case mix and risk exposure. In addition, for the missions abroad the internal control requirements are notsufficiently explicit.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 2
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office
, issued in 2016
Risk cases: 5
Effectiveness of the Tax Administration of the Republic of Slovenia in the execution of modernisation projects of the Slovenian duty information system and decreasing the number of duty sub-accounts
The Tax Administration of the Republic of Slovenia (hereinafter: the Tax Administration) is responsible for collecting taxes, fees and other compulsory levies (hereinafter: duties ... ). These are the revenue of the state budget, municipal budgets, the Health Insurance Institute of Slovenia, the Institute for Pension and Disability Insurance of Slovenia (hereinafter: duties recipients) and indirectly ... of the European Union budget. In order to improve its operations, the Tax Authority decided to modernise the Slovenian duties’ collection information system. It used this opportunity to implement also a second ... ... Shaky coordination of investments in important systems ... Slovenian SAI traced a series of problems in management of crucial IT investments in tax administration. Apart from promising goals, unclear business case gave a start to many problems at next stages ... of the project, involving additional spendings, delays and errors in data processing.
Full description
The Tax Administration of the Republic of Slovenia (hereinafter: the Tax Administration) is responsible for collecting taxes, fees and other compulsory levies (hereinafter: duties ... ). These are the revenue of the state budget, municipal budgets, the Health Insurance Institute of Slovenia, the Institute for Pension and Disability Insurance of Slovenia (hereinafter: duties recipients) and indirectly ... of the European Union budget. In order to improve its operations, the Tax Authority decided to modernise the Slovenian duties’ collection information system. It used this opportunity to implement also a second ... ... Shaky coordination of investments in important systems ... Slovenian SAI traced a series of problems in management of crucial IT investments in tax administration. Apart from promising goals, unclear business case gave a start to many problems at next stages ... of the project, involving additional spendings, delays and errors in data processing.
Full description
Court of Audit of the Republic of Slovenia
, issued in 2014
Risk cases: 7
Report on the problems connected with the development and implementation of the digitally based Shared Medication Record
The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2