24
results found in
22 ms
Page 1
of 3
Audit on the current management and supervision of information protection and cyber security in the financial sector
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
Board of Audit and Inspection of Korea
, issued in 2011
Risk cases: 2
Effectiveness of internal controls in the protection of personal data in national databases
of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Coordination of Infrastructure Works by Metropolitan Municipalities
of Interior, as administrative trusteeship, improves policies and legal arrangements relating to coordination of infrastructure works to bring in necessary measures with a view to leveraging effectiveness ... Rapid population growth at metropoles as well as dense and planless structuring, especially in İstanbul and Ankara, have lead to an increase in demand for utilities services and consequently ... , in the resources used for the construction and maintenance of utilities. Moreover, in cities with dense population, damages to roads and sidewalks during the construction and maintenance of utilities cause problems ... ... ... Start geographic information system with cooperation rules and digital maps ... Organization of geographic and infrastructure information systems is an especially difficult task when bacause vast and intense coordination is necessary. The Turkisch Court of Accounts lists ... problems that reduce use and rise costs of this fundamental task.
Full description
of Interior, as administrative trusteeship, improves policies and legal arrangements relating to coordination of infrastructure works to bring in necessary measures with a view to leveraging effectiveness ... Rapid population growth at metropoles as well as dense and planless structuring, especially in İstanbul and Ankara, have lead to an increase in demand for utilities services and consequently ... , in the resources used for the construction and maintenance of utilities. Moreover, in cities with dense population, damages to roads and sidewalks during the construction and maintenance of utilities cause problems ... ... ... Start geographic information system with cooperation rules and digital maps ... Organization of geographic and infrastructure information systems is an especially difficult task when bacause vast and intense coordination is necessary. The Turkisch Court of Accounts lists ... problems that reduce use and rise costs of this fundamental task.
Full description
Turkish Court of Accounts
, issued in 2008
Risk cases: 2
Effectiveness of the Tax Administration of the Republic of Slovenia in the execution of modernisation projects of the Slovenian duty information system and decreasing the number of duty sub-accounts
and decreasing the number of duty sub-accounts, had created severe difficulties for the Tax Authority, the taxpayers, duties recipients and other stakeholders. ... The Tax Administration of the Republic of Slovenia (hereinafter: the Tax Administration) is responsible for collecting taxes, fees and other compulsory levies (hereinafter: duties ... ). These are the revenue of the state budget, municipal budgets, the Health Insurance Institute of Slovenia, the Institute for Pension and Disability Insurance of Slovenia (hereinafter: duties recipients) and indirectly ... ... Shaky coordination of investments in important systems ... Slovenian SAI traced a series of problems in management of crucial IT investments in tax administration. Apart from promising goals, unclear business case gave a start to many problems at next stages ... of the project, involving additional spendings, delays and errors in data processing.
Full description
and decreasing the number of duty sub-accounts, had created severe difficulties for the Tax Authority, the taxpayers, duties recipients and other stakeholders. ... The Tax Administration of the Republic of Slovenia (hereinafter: the Tax Administration) is responsible for collecting taxes, fees and other compulsory levies (hereinafter: duties ... ). These are the revenue of the state budget, municipal budgets, the Health Insurance Institute of Slovenia, the Institute for Pension and Disability Insurance of Slovenia (hereinafter: duties recipients) and indirectly ... ... Shaky coordination of investments in important systems ... Slovenian SAI traced a series of problems in management of crucial IT investments in tax administration. Apart from promising goals, unclear business case gave a start to many problems at next stages ... of the project, involving additional spendings, delays and errors in data processing.
Full description
Court of Audit of the Republic of Slovenia
, issued in 2014
Risk cases: 7
THE CYBER SECURITY ENVIRONMENT IN LITHUANIA
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 6
Performance measurement by regulators
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
Performance measurement for regulators Primary adressees of this good practice guide - by the British NAO - are regulators, the public institutions established for making sure that an industry or system works legally and fairly. But we are sure that many more can find this guidance useful - including auditors. NAO presents a comprehensible framework for performance measurement and hints how to focus on influence that regulators can use.
Full description
National Audit Office
, issued in 2016
Risk cases: 2
Digital transformation in government
Support exemplars, provide consistent guidance... and do not lose focus As the NAO states: Government faces significant challenges in providing public services. While many government services are now available online, public administration is struggling to manage more complicated programmes and to improve the complex systems and processes that support public services.
Full description
Support exemplars, provide consistent guidance... and do not lose focus As the NAO states: Government faces significant challenges in providing public services. While many government services are now available online, public administration is struggling to manage more complicated programmes and to improve the complex systems and processes that support public services.
Full description
National Audit Office
, issued in 2017
Risk cases: 4
Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
The Australian National Audit Office
, issued in 2003
Risk cases: 3
Products sold on the European market: unravelling the system of CE marking
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
Problems with general picture The Netherlands National Court of Audit was interested in finding out whether anyone keeps track of all the actors involved in the process of system of European Union product markings. The interest was aroused by an observation that the vast majority of the questions raised about the system were prompted by incidents and that the questioners did not generally appear to be interested in the operation of the system as a whole...
Full description
The Netherlands Court of Audit
, issued in 2017
Risk cases: 5
Online fraud
Uneven response to online fraud This type of fraud can affect everyone, but yet it is not a strategic priority for local police forces and the response from industry is uneven. UK NAO underlines: For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry. It is a crime that can affect everyone. Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces, and the response from industry is uneven.
Full description
Uneven response to online fraud This type of fraud can affect everyone, but yet it is not a strategic priority for local police forces and the response from industry is uneven. UK NAO underlines: For too long, as a low-value but high-volume crime, online fraud has been overlooked by government, law enforcement and industry. It is a crime that can affect everyone. Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces, and the response from industry is uneven.
Full description
National Audit Office
, issued in 2017
Risk cases: 6