54
results found in
10 ms
Page 1
of 6
Federal Institute for Risk Assessment purchased unnecessary software
Risk of poor requirements management The Germamn SAI audited the Federal Institute for Risk Assessment that introduce a new software. Time of implementation was nearly three times as long as originally scheduled. The costs also nearly trebled. Moreover, the Institute purchased unnecessary licences for expanding the software
Full description
Risk of poor requirements management The Germamn SAI audited the Federal Institute for Risk Assessment that introduce a new software. Time of implementation was nearly three times as long as originally scheduled. The costs also nearly trebled. Moreover, the Institute purchased unnecessary licences for expanding the software
Full description
Bundesrechnungshof
, issued in 2017
Risk cases: 2
Software management assessment in local governments and local government educational institutions
Objective of the audit was to verify compliance of software recording and management with regulatory enactments, as well as to assess the effectiveness of software management in local governments ... and local government educational institutions. ... ... Software management assessment in local governments and local government educational institutions ... Manage your software! Local governments and local government education institution neglect basic safety procedures, use outdated or illegal kinds of software, use two and more different software ... for the same function.
Full description
Objective of the audit was to verify compliance of software recording and management with regulatory enactments, as well as to assess the effectiveness of software management in local governments ... and local government educational institutions. ... ... Software management assessment in local governments and local government educational institutions ... Manage your software! Local governments and local government education institution neglect basic safety procedures, use outdated or illegal kinds of software, use two and more different software ... for the same function.
Full description
State Audit Office of the Republic of Latvia
, issued in 2013
Risk cases: 4
Management of Information Resources of the Ministry of the Interior
of the audit was to assess the management of information resources in the Ministry of the Interior. We assessed how the Ministry ensures planning and organisation, monitoring, assessment and coordination ... of their management. In addition, we assessed the IT management maturity in the Ministry. We analysed information resources managed by the Ministry (five state registers, eight state IS and three departmental registers ... Many activities of the Ministry of the Interior require the use of information resources that are of great significance to the entire State, such as the state and departmental registers, and public ... ... Process maturity examination can help in IT audit ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes. ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found
Full description
of the audit was to assess the management of information resources in the Ministry of the Interior. We assessed how the Ministry ensures planning and organisation, monitoring, assessment and coordination ... of their management. In addition, we assessed the IT management maturity in the Ministry. We analysed information resources managed by the Ministry (five state registers, eight state IS and three departmental registers ... Many activities of the Ministry of the Interior require the use of information resources that are of great significance to the entire State, such as the state and departmental registers, and public ... ... Process maturity examination can help in IT audit ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes. ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found
Full description
National Audit Office of the Republic of Lithuania
, issued in 2016
Risk cases: 4
Report to on the user-friendliness and user involvement in the development of e-government services in Denmark
is to provide an assessment of the authorities’ efforts to ensure that e-government services are user-friendly. The report answers the following questions: - Have the authorities involved the users ... in the development of the e-government services? - Have the authorities conducted post-launch assessments of the user-friendliness of the e-government services, and do the contracts with the suppliers of the solutions ... e-government services: - NemID (EasyID – the Danish public sector common digital signature solution), The Danish Agency for Digitisation (the Ministry of Finance); - TastSelv Borger (E-tax self ... ... User-friendliness of public services should be consistenty required and tested ... The Danish Rigsrevisionen is of the opinion that the user-friendliness of the services can be improved if the authorities meet all the requirements of the Danish Agency for Digitisation concerning ... the matter. The audit covered user-friendliness related problems in case of five systems, before and after the launch. The systems take-up was also considered, as well as communicating with citizens who ... are unable to use digital services.
Full description
is to provide an assessment of the authorities’ efforts to ensure that e-government services are user-friendly. The report answers the following questions: - Have the authorities involved the users ... in the development of the e-government services? - Have the authorities conducted post-launch assessments of the user-friendliness of the e-government services, and do the contracts with the suppliers of the solutions ... e-government services: - NemID (EasyID – the Danish public sector common digital signature solution), The Danish Agency for Digitisation (the Ministry of Finance); - TastSelv Borger (E-tax self ... ... User-friendliness of public services should be consistenty required and tested ... The Danish Rigsrevisionen is of the opinion that the user-friendliness of the services can be improved if the authorities meet all the requirements of the Danish Agency for Digitisation concerning ... the matter. The audit covered user-friendliness related problems in case of five systems, before and after the launch. The systems take-up was also considered, as well as communicating with citizens who ... are unable to use digital services.
Full description
National Audit Office of Denmark
, issued in 2013
Risk cases: 2
Audit to the Social Security Systems of Collection of Contributions and Quotes and Relationship with Banking and other Entities Engaged in Collection Initiatives
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
The audit aims to evaluate the effectiveness and efficiency of the processes implemented in respect of the processing schemes of contributions/quotas, whose Wages Statements (WS) entered ... into the system in the first quarter of 2007, test the reliability, stability and confidence level of the application systems developed and the respective values processed in the entire collection circuit ... and respective accounting, and also check compliance with the contracts celebrated with banking entities. ... ... Application level of Social Security IS analyzed ... Processes maturity and automation of controls appeared to be main problems in the system which reliability, stability and confidence level were tested.
Full description
TRIBUNAL DE CONTAS DE PORTUGAL
, issued in 2008
Risk cases: 2
Coordinated Audit on Information Technology Governance
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
IT governance needs awareness and SAIs' support The OLACEFS auditors found that the greatest challenge for the SAIs is to raise the awareness of the audit institutions about the importance of IT governance and the benefits that could be obtained by improving its degree of maturity. The audit was conducted by 11 SAIs and coordinated by TCU of Brasil. They concluded: 'It is important, even urgent, to invest resources to implement or enhance: the IT committees; the IT planning process; strategic IT planning; monitoring the IT contracting process; the business continuity plan; the designation of a responsible person or unit to manage security information; a risk management process; an asset inventory process; an information security committee; and a policy for access control.'
Full description
Risk cases: 5
State aid for IT projects in social and health care
and Health. All in all approximately 250 million euros was tied to development projects carried out as national measures in 2000-2010, not including the self-funded portion of aid or loans granted ... In 2000-2009 about 180 million euros in national and European Union funds went to finance information technology projects in social and health care, not including the costs of developing national ... information system services (KanTa project) or the National Project for Social Services IT (Tikesos project). Financing has been provided by the Ministry of Social Affairs and H ealth, the Finnish Funding ... Difficult coordination of IT projects ... Finish Audit Office analyzed results of poor cooperation between authorities on national and local level in social and health care projects: difficult integration of information systems and poor ... coordination of the financing information technology projects, including double financing.
Full description
and Health. All in all approximately 250 million euros was tied to development projects carried out as national measures in 2000-2010, not including the self-funded portion of aid or loans granted ... In 2000-2009 about 180 million euros in national and European Union funds went to finance information technology projects in social and health care, not including the costs of developing national ... information system services (KanTa project) or the National Project for Social Services IT (Tikesos project). Financing has been provided by the Ministry of Social Affairs and H ealth, the Finnish Funding ... Difficult coordination of IT projects ... Finish Audit Office analyzed results of poor cooperation between authorities on national and local level in social and health care projects: difficult integration of information systems and poor ... coordination of the financing information technology projects, including double financing.
Full description
National Audit Office of Finland
, issued in 2011
Risk cases: 3
Parallel Audit on Biometric Passports - Overall Results (anonymised)
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description
Swiss Federal Audit Office
, issued in 2015
Risk cases: 4
Auditing the National Rationing System
to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 4
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3