21
results found in
9 ms
Page 1
of 3
Federal Human Resources Data
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
General Accountability Office
, issued in 2016
Risk cases: 2
IT Support in the Judicial Chain
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree. ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work
Full description
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree. ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work
Full description
Swedish National Audit Office
, issued in 2011
Risk cases: 3
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
Use of consultants and temporary staff
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
National Audit Office
, issued in 2016
Risk cases: 7
Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector. ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently
Full description
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector. ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 2
Building and Implementing the Phoenix Pay System
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Office of theAuditor Generalof Canada
, issued in 2018
Risk cases: 3
Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
National Audit Office
, issued in 2011
Risk cases: 6
Federal Agencies Need to Address Aging Legacy Systems
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
General Accountability Office
, issued in 2016
Risk cases: 3
Products sold on the European market: unravelling the system of CE marking
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
The Netherlands Court of Audit
, issued in 2017
Risk cases: 5