12
results found in
10 ms
Page 1
of 2
The protection of research data at the Danish universities
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
The protection of research data at the Danish universities It is Rigsrevisionen’s assessment that the five largest universities are not adequately protecting their research data against unknown IT equipment. As a result, foreign actors may relatively easy gain unauthorized access to the universities’ research data.This is not considered satisfactory by Rigsrevisionen. The study shows that the five largest universities have defined guidelines for researchers’ use of software and hardware centrally, but that they have failed to centralise efforts to maintain a satisfactory level of security for research data. This is due mainly to the fact that, at some universities, researchers are allowed to bring their own devices,and at all the universities, researchers are allowed to have local administrator privileges, which gives them access to install software. Additionally, all five universities know of incidents where unknown hardware has been connected to their network.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Data security and positions with access to confidential information
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... ) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data ... ... Shortcomings in information security and in positions with access to confidential information ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information. ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data
Full description
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... ) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data ... ... Shortcomings in information security and in positions with access to confidential information ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information. ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data
Full description
Netherlands Court of Audits
, issued in 2012
Risk cases: 3
The effectiveness of Official Development Assistance expenditure
Need of more coordination and transparency The audit of the UK's Official Development Assistance revealed among others: fragmented responsibilities and difficulties in review and reporting. These led to difficulties in assessment of effectiveness of the assistance and of progress in implementing the UK Aid Strategy.
Full description
Need of more coordination and transparency The audit of the UK's Official Development Assistance revealed among others: fragmented responsibilities and difficulties in review and reporting. These led to difficulties in assessment of effectiveness of the assistance and of progress in implementing the UK Aid Strategy.
Full description
National Audit Office
, issued in 2019
Risk cases: 4
Conflicts of interest
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
National Audit Office
, issued in 2015
Risk cases: 8
Has Public Administration Used All Opportunities for Efficient Management of ICT Infrastructure?
Efficient Management of ICT Infrastructure Centralised management of ICT services and infrastructure would allow the institutions to optimise in long run their resources – financial, human, material and technical. However, we observed during the audit that the move towards ICT centralisation and single data centres has ceased. The different ministries and even the institutions subordinated to the same ministry do not cooperate sufficiently with each other regarding the ICT management, maintenance, and infrastructure placement. They rather choose to maintain their own, sometimes even several, data centres.
Full description
Efficient Management of ICT Infrastructure Centralised management of ICT services and infrastructure would allow the institutions to optimise in long run their resources – financial, human, material and technical. However, we observed during the audit that the move towards ICT centralisation and single data centres has ceased. The different ministries and even the institutions subordinated to the same ministry do not cooperate sufficiently with each other regarding the ICT management, maintenance, and infrastructure placement. They rather choose to maintain their own, sometimes even several, data centres.
Full description
State Audit Office of the Republic of Latvia
, issued in 2019
Risk cases: 3
Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
National Audit Office
, issued in 2011
Risk cases: 6
Central government staff costs
Results of staff reductions The British NAO found that departments had significantly reduced numbers of their civil servants and of course salary costs at the same time. But they reduced staff numbers mainly by minimising recruitment, and the age profile of the civil service has changed. NAO pays a lot attention to what effect this has had on the future pipeline of talent and skills. It reminds also that the departments need long-term operating models to work efficiently with the staff reduced.
Full description
Results of staff reductions The British NAO found that departments had significantly reduced numbers of their civil servants and of course salary costs at the same time. But they reduced staff numbers mainly by minimising recruitment, and the age profile of the civil service has changed. NAO pays a lot attention to what effect this has had on the future pipeline of talent and skills. It reminds also that the departments need long-term operating models to work efficiently with the staff reduced.
Full description
National Audit Office
, issued in 2015
Risk cases: 5
Building and Implementing the Phoenix Pay System
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Office of theAuditor Generalof Canada
, issued in 2018
Risk cases: 3
Use of consultants and temporary staff
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
National Audit Office
, issued in 2016
Risk cases: 7