13
results found in
7 ms
Page 1
of 2
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Parallel Audit on Biometric Passports - Overall Results (anonymised)
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 4
Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 3
Management of Police Information Resources
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 4
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Performance Audit of the Management of ICT in the Criminal Justice Sector
The Norwegian OAG has assesed how the Ministry of Justice and Public Security has discharged its responsibility for effiecient case processing through developing and applying Information ... and Communications Technology (ICT) in the criminal justice sector ... ... Unclear signals from a Ministry weaken development of ICT in the justice chain ... Points by SAI Norway: development of an overall rolling action plan based on the current ICT (Information and Communication Technology) strategy for the justice sector, performance-oriented ... reporting from the subordinate agencies, ensuring that the new ICT Police System takes into account other sub-sectors need for electronic interaction.
Full description
The Norwegian OAG has assesed how the Ministry of Justice and Public Security has discharged its responsibility for effiecient case processing through developing and applying Information ... and Communications Technology (ICT) in the criminal justice sector ... ... Unclear signals from a Ministry weaken development of ICT in the justice chain ... Points by SAI Norway: development of an overall rolling action plan based on the current ICT (Information and Communication Technology) strategy for the justice sector, performance-oriented ... reporting from the subordinate agencies, ensuring that the new ICT Police System takes into account other sub-sectors need for electronic interaction.
Full description
Office of the Auditor General of Norway
, issued in 2012
Risk cases: 2
Material–technical supply of the State Police
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
. The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
State Audit Office of the Republic of Latvia
, issued in 2013
Risk cases: 6
Results of the development of the state’s information systems
management and the state’s coordination mechanism in this process. ... The National Audit Office has repeatedly audited the management and development of the state’s information technology (IT) area in the last ten years. The last audit was performed in 2005. After that ... , several measures have been implemented in the state to organise the development better and to guarantee that the systems are compatible. This audit gives an opinion of the results of development project ... ... Success and failure depend on preparation ... Conclusions of performance IT audit based on a sample of government projects: business portal, land register, e-police, fire safety monitoring system, childcare information system and the document ... management system of the Defence Forces. Key problems and discussion with auditees are presented.
Full description
management and the state’s coordination mechanism in this process. ... The National Audit Office has repeatedly audited the management and development of the state’s information technology (IT) area in the last ten years. The last audit was performed in 2005. After that ... , several measures have been implemented in the state to organise the development better and to guarantee that the systems are compatible. This audit gives an opinion of the results of development project ... ... Success and failure depend on preparation ... Conclusions of performance IT audit based on a sample of government projects: business portal, land register, e-police, fire safety monitoring system, childcare information system and the document ... management system of the Defence Forces. Key problems and discussion with auditees are presented.
Full description
National Audit Office of Estonia
, issued in 2010
Risk cases: 3
IT Police Systems
Implementation by the Polish Police of two IT projects (E-police station and Command Support System - CSS) was audited. Both systems were to relieve the Police officers and increase the quality ... and effectiveness of their work. Audit explained the reason of failure in the case of E-police station project and success in the case of CSS. Although some irregularities occurred in both cases, careful planning ... and organization of the project turned out to make the difference. Accordance with the public procurement law was not part of the audit as a separate investigation in that matter was carried by respective Polish ... ... A textbook example of how not to implement the IT projects ... Polish NIK compared the implementation of two flagship IT projects of the Police HQ: successful 'Command Support System' and problematic 'E-police station'. List of interesting problems appeared...
Full description
Implementation by the Polish Police of two IT projects (E-police station and Command Support System - CSS) was audited. Both systems were to relieve the Police officers and increase the quality ... and effectiveness of their work. Audit explained the reason of failure in the case of E-police station project and success in the case of CSS. Although some irregularities occurred in both cases, careful planning ... and organization of the project turned out to make the difference. Accordance with the public procurement law was not part of the audit as a separate investigation in that matter was carried by respective Polish ... ... A textbook example of how not to implement the IT projects ... Polish NIK compared the implementation of two flagship IT projects of the Police HQ: successful 'Command Support System' and problematic 'E-police station'. List of interesting problems appeared...
Full description
Supreme Audit Office of Poland
, issued in 2013
Risk cases: 5
Federal Agencies Need to Address Aging Legacy Systems
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
General Accountability Office
, issued in 2016
Risk cases: 3