20
results found in
19 ms
Page 1
of 2
WannaCry Cyber Attack and the NHS
Why the British NHS became a victim of WannaCry The NAO's investigation points at the problem of insufficient powers of the cybersecurity coordinator across the health organisation. As a result no remedial actions were taken, and the cyber attack succeeded thanks to neglected precautions.
Full description
Why the British NHS became a victim of WannaCry The NAO's investigation points at the problem of insufficient powers of the cybersecurity coordinator across the health organisation. As a result no remedial actions were taken, and the cyber attack succeeded thanks to neglected precautions.
Full description
National Audit Office
, issued in 2017
Risk cases: 3
Data security and positions with access to confidential information
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... ) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... . The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... ) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
Netherlands Court of Audits
, issued in 2012
Risk cases: 3
Supply of food and medicinal products
Supply of food and medicinal products Deficiencies in emergency preparedness and weaknesses in governance are still found by the Swedish NAO in the system of safeguarding supply of food and medicinal products. The system is complex and NAO appreciates efforts made by responsible agencies. However, they found also insufficient clarity in division of responsibilities and weaknesses in coordinantion.
Full description
Supply of food and medicinal products Deficiencies in emergency preparedness and weaknesses in governance are still found by the Swedish NAO in the system of safeguarding supply of food and medicinal products. The system is complex and NAO appreciates efforts made by responsible agencies. However, they found also insufficient clarity in division of responsibilities and weaknesses in coordinantion.
Full description
Swedish National Audit Office
, issued in 2018
Risk cases: 2
Report on the problems connected with the development and implementation of the digitally based Shared Medication Record
The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... . and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Performance measurement by regulators
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
National Audit Office
, issued in 2016
Risk cases: 2
Federal Agencies Need to Address Aging Legacy Systems
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
General Accountability Office
, issued in 2016
Risk cases: 3
The Shared Services Centre
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The Australian National Audit Office
, issued in 2016
Risk cases: 2
Effectiveness of the execution of the eHealth project
The Court of Audit of the Republic of Slovenia has audited how effectively the Ministry of Health had managed the project eHealth - the national plan for developing information system support ... to the national public health system in the period between 1st of January 2004 and 26th of September 2013. The audit has focused on the effectiveness of the Ministry in achieving the project’s goals, time ... management, management of the human resources and financial oversight. The goal of the Ministry was to implement a modern information system, which would support secure eHealth operations and effective ... ... Clear concept, good planning and financial control are indispensable conditions for a successful IT project ... The Court of Audit of the Republic of Slovenia analysed a Government eHealth project. Its goal was to implement a modern information system, which would support the health services and health related ... data. The Court has pointed at a long list of project management fundamentals to be corrected.
Full description
The Court of Audit of the Republic of Slovenia has audited how effectively the Ministry of Health had managed the project eHealth - the national plan for developing information system support ... to the national public health system in the period between 1st of January 2004 and 26th of September 2013. The audit has focused on the effectiveness of the Ministry in achieving the project’s goals, time ... management, management of the human resources and financial oversight. The goal of the Ministry was to implement a modern information system, which would support secure eHealth operations and effective ... ... Clear concept, good planning and financial control are indispensable conditions for a successful IT project ... The Court of Audit of the Republic of Slovenia analysed a Government eHealth project. Its goal was to implement a modern information system, which would support the health services and health related ... data. The Court has pointed at a long list of project management fundamentals to be corrected.
Full description
Court of Audit of the Republic of Slovenia
, issued in 2013
Risk cases: 5
Activities of the state in implementing the e-health system - Do the state, doctors and patients benefit from ehealth?
Estonia’s population is aging and the share of elderly people is increasing, as fewer children are being born and people are living longer. This creates a constantly growing need for health ... and social services and patients are also becoming more and more demanding about the volume and quality of the services provided. The more extensive and systematic implementation of e-health solutions helps ... make the health system more efficient, improves people’s health via more effective prevention, raises the awareness of patients and also contributes to the more reasonable use of health resources ... ... Why state, doctors and patients do not benefit from e-Health as much as they could? ... The report reviews whether the objectives set to the e-Health – ambitious multiyear program of Estonian Government - have been achieved. They are: higher quality of the health service and more ... efficient organisation of health care. As SAI Estonia found out, wide range problems started from two basic points: lack of strategic manager and unrealisitc schedule.
Full description
Estonia’s population is aging and the share of elderly people is increasing, as fewer children are being born and people are living longer. This creates a constantly growing need for health ... and social services and patients are also becoming more and more demanding about the volume and quality of the services provided. The more extensive and systematic implementation of e-health solutions helps ... make the health system more efficient, improves people’s health via more effective prevention, raises the awareness of patients and also contributes to the more reasonable use of health resources ... ... Why state, doctors and patients do not benefit from e-Health as much as they could? ... The report reviews whether the objectives set to the e-Health – ambitious multiyear program of Estonian Government - have been achieved. They are: higher quality of the health service and more ... efficient organisation of health care. As SAI Estonia found out, wide range problems started from two basic points: lack of strategic manager and unrealisitc schedule.
Full description
National Audit Office of Estonia
, issued in 2014
Risk cases: 3
Conflicts of interest
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
National Audit Office
, issued in 2015
Risk cases: 8