99
results found in
11 ms
Page 2
of 10
Audit to the Social Security Systems of Collection of Contributions and Quotes and Relationship with Banking and other Entities Engaged in Collection Initiatives
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
TRIBUNAL DE CONTAS DE PORTUGAL
, issued in 2008
Risk cases: 2
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... in place is essential to protecting these systems and the information they contain. <br/> This report details weaknesses GAO identified in the information security program at SEC during its audit ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office
, issued in 2016
Risk cases: 5
Report to the Public AccountsCommittee on mitigation of cyber attacks
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 3
Cyber Attacks: Securing Agencies’ICT Systems
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
. In the government sector, the Australian Signals Directorate (ASD)3 has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 ... were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps.
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
Management and protection of assets in the field of the information-communication technologies at the ME SR
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... physical security of the areas related to the IT. All these irregularities are results of poor coordination, administration, organization, governance and operation management in the field of the ICT ... ... Started from contracting, ended in security ... and ended in exposing the organization to high security risks. ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept
Full description
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... physical security of the areas related to the IT. All these irregularities are results of poor coordination, administration, organization, governance and operation management in the field of the ICT ... ... Started from contracting, ended in security ... and ended in exposing the organization to high security risks. ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2012
Risk cases: 4
Management and protection of assets in the field of the information-communication technologies at the AO SR
and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... and security of assets of the information systems (IS), in the area of business continuity and the IS restoring and also several cases of lawbreaking in the field of accounting. ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... and security of assets of the information systems (IS), in the area of business continuity and the IS restoring and also several cases of lawbreaking in the field of accounting. ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2011
Risk cases: 4
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Audit of the Government, Government-guaranteed and Municipal Debt Management Information Systems in the Ministry of Finance of the Republic of Bulgaria
? The audit covered the period from 01.01.2013 to 31.12.2013 and investigated four major areas: IT system strategy and general management; IT security and controls against disasters; Operational controls ... The main audit question studied during the audit was: Are the government, government-guaranteed (SDMS) and municipal debt management information systems (CMDR) at the Ministry of Finance effective ... and Documentation; Application Controls. ... ... Even effective and modern IT systems require improvements and updates to ensure their security and accountability ... the established system is effective and provides updated, complete and correct information. Nevertheless the audit report points out areas of security, application controls as well as documentation as the subjects ... For the management of the government, government-guaranteed and municipal debt the Ministry of Finance has established an advanced integrated information infrastructure. According to Bulgarian SAI ... that need further improvement and optimization.
Full description
? The audit covered the period from 01.01.2013 to 31.12.2013 and investigated four major areas: IT system strategy and general management; IT security and controls against disasters; Operational controls ... The main audit question studied during the audit was: Are the government, government-guaranteed (SDMS) and municipal debt management information systems (CMDR) at the Ministry of Finance effective ... and Documentation; Application Controls. ... ... Even effective and modern IT systems require improvements and updates to ensure their security and accountability ... the established system is effective and provides updated, complete and correct information. Nevertheless the audit report points out areas of security, application controls as well as documentation as the subjects ... For the management of the government, government-guaranteed and municipal debt the Ministry of Finance has established an advanced integrated information infrastructure. According to Bulgarian SAI ... that need further improvement and optimization.
Full description
Bulgarian National Audit Office
, issued in 2014
Risk cases: 3
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
Parallel Audit on Biometric Passports - Overall Results (anonymised)
and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... as in security regulations relating to internal and external personnel. ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found
Full description
and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... as in security regulations relating to internal and external personnel. ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 4