Reports Search Reports Spatial Search Risk-cases Search Risk-cases Graph Traversal
58 results found in 10 ms Page 1 of 6
General and Creation Control of the Information Systems of the Ministry of Foreign Affairs
The objective of the audit was to assess general and creation control of the information systems of the Ministry of Foreign Affairs. Since the beginning of 2009, the Ministry of Foreign Affairs has ... achieved considerable progress in the management of the information systems. The auditors reviewed and assessed all key elements of the process. ... Overview of problems - area by area ... SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.
Full description
National Audit Office of the Republic of Lithuania , issued in 2013
Risk cases: 4
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
. In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... of the commission’s fiscal years 2015 and 2014 financial statements. GAO’s objective was to determine the effectiveness of information security controls for protecting the confidentiality, integrity, and availability ... of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office , issued in 2016
Risk cases: 5
Effectiveness of internal controls in the protection of personal data in national databases
of internal controls which must ensure the accuracy and preservation of data and avoid information leaks. ... The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia , issued in 2008
Risk cases: 2
Identifying and meeting central government's skills requirements
Start with well managed responsibilities UK Departments have invested heavily in skills development. Government estimates that expenditure on formal training, including salary costs of departmental learning and development staff, was £275 million in 2009-10. NAO identified weaknesses of the system which start with devolved responsibilities, lead to: weak data, mis-profiled trainings, doubtful personal decisions, lack of well-targeted evaluation - and finish at more expensive buying-in and retaining key skills...
Full description
National Audit Office , issued in 2011
Risk cases: 6
Data security and positions with access to confidential information
. The 2007 Civil Service Data Information Security Decree (in Dutch: VIR 2007) is the legal foundation of the first part of this audit (data security). The Security Screening Act (in Dutch: WVO ... This government wide audit on information security and positions with access to confidential information has been performed at all ministries ans for each ministry also at one of the agencies ... ) is the foundation of the second part (positions with access to confidential information). Only four of the organizations we have audited show an acceptible level of compliance with the 2007 Civil Service Data ... ... Shortcomings in information security and in positions with access to confidential information ... Surprising weaknesses were revealed by the NCA in its Government-wide operational audit performed as part of the 2011 audit into the state of central government accounts: Poor quality of data ... protection policy and poor protection of information systems. Also, non vetted positions with access to confidential information.
Full description
Netherlands Court of Audits , issued in 2012
Risk cases: 3
Homeland Security. Oversight of Neglected Human Resources Information Technology Investment Is Needed
Human resources IT investments get stuck in management's lack of interest Although the Human Resources Information Technology (HRIT) investment was initiated about 12 years ago with the intent to consolidate, integrate, and modernize the department's human resources IT infrastructure, the Department of Homeland Security (DHS) has made very limited progress in achieving these goals. HRIT's minimally involved executive steering committee during a time when significant problems were occurring was a key factor in the lack of progress. This is particularly problematic given that the department's ability to efficiently and effectively carry out its mission is significantly hampered by its fragmented human resources. DHS's ineffective management of HRIT, such as the lack of an updated schedule and a life-cycle cost estimate, also contributed to the neglect this investment has experienced. DHS will be limited in efficiently tracking and reporting accurate, comprehensive performance and learning management data across the organization, and could risk further implementation delays.
Full description
US Government Accountability Office , issued in 2016
Risk cases: 1
Audit of the Government, Government-guaranteed and Municipal Debt Management Information Systems in the Ministry of Finance of the Republic of Bulgaria
? The audit covered the period from 01.01.2013 to 31.12.2013 and investigated four major areas: IT system strategy and general management; IT security and controls against disasters; Operational controls ... and Documentation; Application Controls. ... The main audit question studied during the audit was: Are the government, government-guaranteed (SDMS) and municipal debt management information systems (CMDR) at the Ministry of Finance effective ... ... Even effective and modern IT systems require improvements and updates to ensure their security and accountability ... the established system is effective and provides updated, complete and correct information. Nevertheless the audit report points out areas of security, application controls as well as documentation as the subjects ... For the management of the government, government-guaranteed and municipal debt the Ministry of Finance has established an advanced integrated information infrastructure. According to Bulgarian SAI ... that need further improvement and optimization.
Full description
Bulgarian National Audit Office , issued in 2014
Risk cases: 3
FEMA Needs to Address Management Weaknesses to Improve Its Systems
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
General Accountability Office , issued in 2016
Risk cases: 4
Report to the Public AccountsCommittee on mitigation of cyber attacks
security controls that can increase security and mitigate cyber attacks. International studies have concluded that three central security controls can prevent the majority of the currently known types ... have addressed the risk of cyber attacks and whether they have implemented these three security controls. ... This report concerns the action taken by Danish government bodies to prevent cyber attacks. Behaving sensibly in cyberspace to avoid attacks is important, but should be supplemented by technical ... Three basic security measures are often neglected ... Government agencies are open for cyber attacks because they often forget to respect three basic IT security measures. The three measures are: 1. technical restriction on programs downloading; 2 ... . limited use of local administrators rights; 3. systematic software updates.
Full description
National Audit Office of Denmark , issued in 2013
Risk cases: 3
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark , issued in 2016
Risk cases: 3
58 results found. Page 1 of 6 next