41
results found in
9 ms
Page 1
of 5
Opportunities Exist for FAA to Improve Airport Terminal Area Safety Efforts
Inefficient use of data The US GAO examined various issues related to runway safety and to update its prior work on airport terminal areas. Their findings point at inefficient use of data, which may lead to more risk and to inefficient targeting their limited resources.
Full description
Inefficient use of data The US GAO examined various issues related to runway safety and to update its prior work on airport terminal areas. Their findings point at inefficient use of data, which may lead to more risk and to inefficient targeting their limited resources.
Full description
US Government Accountability Office
, issued in 2019
Risk cases: 3
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
. In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... of the commission’s fiscal years 2015 and 2014 financial statements. GAO’s objective was to determine the effectiveness of information security controls for protecting the confidentiality, integrity, and availability ... of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
. In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... of the commission’s fiscal years 2015 and 2014 financial statements. GAO’s objective was to determine the effectiveness of information security controls for protecting the confidentiality, integrity, and availability ... of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office
, issued in 2016
Risk cases: 5
Federal Human Resources Data
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
Internal control weaknesses may put mission at risk GAO audited the Enterprise Human Resources Integration payroll data warehose. The American auditors pointed at problems that may impede 'leverage of these data to meet its mission and allow others to make full use' of them. The critical internal contols areas to be improved in this cas are: completeness, accuracy, and validity of information, authorization, documentation, monitoring, results' evaluation.
Full description
General Accountability Office
, issued in 2016
Risk cases: 2
The Shared Services Centre
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The Australian National Audit Office
, issued in 2016
Risk cases: 2
IT Support in the Judicial Chain
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree. ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work
Full description
The Swedish National Audit Office has examined how well agencies in the judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided ... the agencies with sufficient prerequisites to expand and improve IT support. ... ... Needed: good conditions by government, better steering and control by authorities ... . The authorities, in their turn, need to improve their steering and control, as well as interact to a much higher degree. ... Despite many years’ of work to modernize the IT support within the judiciary, there are still many deficiencies. The Government has not given the authorities good conditions enough to lead the work
Full description
Swedish National Audit Office
, issued in 2011
Risk cases: 3
FEMA Needs to Address Management Weaknesses to Improve Its Systems
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
General Accountability Office
, issued in 2016
Risk cases: 4
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
Massive modernization effort needs coordination Social security issues can touch lives of many. Information technology in this area are increasingly costly and difficult to maintain. GAO is recommending to develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities to help ensure effective oversight.
Full description
General Accountability Office
, issued in 2012
Risk cases: 3
Conflicts of interest
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
First, recognise the conflicts of interest are a real risk the British NAO gathered a significant amount of intelligence on conflicts, particularly in the health and education sectors. These are areas of government where services are increasingly commissioned and delivered by parties at arm’s-length to departments. Conflicts of interest can occur naturally as a product of the way a system is designed and most often arise from operational situations.
Full description
National Audit Office
, issued in 2015
Risk cases: 8
Prevention Activities Against Traffic Accidents
traffic accidents, which are dramatically leading to loss of life and property. Examination and evaluation of the Traffic Information Systems (TIS) under the traffic control headline. TIS' main purpose ... is to conduct the traffic control activities efficiently with the help of systematic data. Objective of this audit was to contribute to the continuous improvement of prevention activities against traffic ... Performance Audit Studies covering certain IT Issues related to Prevention Activities Against Traffic Accidents. It aims to contribute to the continuous improvement of prevention activities against ... ... ... You need a way more than IT, to make an IT system successful ... SAI of Turkey examined the Traffic Information Systems and found out that not only IT infrastructure determined the audited IT project's outcomes. There were also non-IT issues that decided: low ... quality of driving education, poor technical infrastruture, as well as lack of monitoring and coordination at prioritization stage.
Full description
traffic accidents, which are dramatically leading to loss of life and property. Examination and evaluation of the Traffic Information Systems (TIS) under the traffic control headline. TIS' main purpose ... is to conduct the traffic control activities efficiently with the help of systematic data. Objective of this audit was to contribute to the continuous improvement of prevention activities against traffic ... Performance Audit Studies covering certain IT Issues related to Prevention Activities Against Traffic Accidents. It aims to contribute to the continuous improvement of prevention activities against ... ... ... You need a way more than IT, to make an IT system successful ... SAI of Turkey examined the Traffic Information Systems and found out that not only IT infrastructure determined the audited IT project's outcomes. There were also non-IT issues that decided: low ... quality of driving education, poor technical infrastruture, as well as lack of monitoring and coordination at prioritization stage.
Full description
Turkish Court of Accounts
, issued in 2008
Risk cases: 4