Parallel Audit on Biometric Passports - Overall Results (anonymised)
and implementing the regulation on standards for security features and biometrics in passports and travel documents issued by the member states. The aim is to develop and maintain efficient and secure biometric ... A biometric passport (or ePassport) contains biometric information which serves to authenticate the identity of travellers. Biometric passport management is the process of establishing ... passport production procedures (see page 5). ... EUROSAI ITWG: Parallel Audit on Biometric Passports ... Swiss SAI summed up results of audits concluded in seven countries (Belgium, Latvia, Lithuania, Norway, Portugal, Switzerland). The evaluation of the reported results showed that the overall passport ... process is generally under control while a couple of high-risk findings were identified in the non-process-specific assessments. In the non-process-specific assessments, most of the countries found ... deficiencies and weaknesses related to the IS/IT system and the IT management. Medium risks have been identified in the area of laws and regulations, cost-benefit realisation and transparency, as well
Full description

State funds spent on development, operation and using of data centres services
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... supply of services, as well as opposite results of workforce reduction.
Full description

Management and protection of assets in the field of the information-communication technologies at the ME SR
) with emphasis on the use of the information technology (IT) services provided by the third parties. The vast amount of irregularities was found, especially many cases of failure to comply with the standards ... The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... the compliance with the generally binding legal regulations and the general statues in the field of the information-communication technologies (ICT) and the information systems of the public administration (ISPA ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA
The purpose of the audit was to assess whether cyber security is being ensured in Lithuania. In view of this goal, we assessed whether: (1) an effective cyber security system has been set up; (2 ... ) cyber security is ensured in public establishments. During the audit, the SAI Lithuania analysed current regulation, strategic planning and management practices in the field of cyber security ... and electronic information security as well as the funds allocated and used in this area. The SAI evaluated whether the cyber security and electronic information security objectives detailed in planning documents ... ... Cyber-security is much more than preventing incidents ... SAI Lithuania determined that the issue of ensuring and increasing cyber security and resilience has not been effectively addressed at the national level. The focus has primarily been on reacting ... to and preventing incidents in cyber space, which means that traditional issues related to electronic information security (confidentiality, integrity, accessibility) have been neglected, and from 2015, not enough ... attention has been paid to development, legislation, improvement of organisational structure, etc. in this field.
Full description

Incorrect payments in social insurance - Control activities of the Swedish Social Insurance Agency
In 2014 the social insurance system accounted for six per cent of GDP. The long-term sustainability of a system of that magnitude requires that the public perceives its purpose to be important ... , that it is well administered and that it is as free of abuse as possible. It must also be financially stable over time, since major fluctuations impact other areas of the central government budget. When ... these things function as they should, the system is perceived to be legitimate and enjoys public confidence.<br/> According to available estimations, almost SEK 20 billion had been paid out incorrectly from ... Balance of priorities needed to reduce incorrect payments ... Role of social insurance in public finance is so substantial that reduction of incorrect payments' volume is matter of huge savings. The Swedish NAO noted positive initiatives by the Social Insurance ... Agency in this regard. However they found also, that serious problems can stem from giving higher priority to the speed of payment and customers satisfaction. They both are undoubtedly important features ... of each system, still, the prevention of incorrect payments needs strategic support to be really effective.
Full description

Management and protection of assets in the field of the information-communication technologies at the AO SR
The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... with the state assets, the compliance with the generally binding legal regulations and the general statues in the field of the ISPA. There were 24 irregularities found, mainly in the field of the protection ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking.
Full description

Prevention Activities Against Traffic Accidents
Performance Audit Studies covering certain IT Issues related to Prevention Activities Against Traffic Accidents. It aims to contribute to the continuous improvement of prevention activities against ... traffic accidents, which are dramatically leading to loss of life and property. Examination and evaluation of the Traffic Information Systems (TIS) under the traffic control headline. TIS' main purpose ... is to conduct the traffic control activities efficiently with the help of systematic data. Objective of this audit was to contribute to the continuous improvement of prevention activities against traffic ... ... ... You need a way more than IT, to make an IT system successful ... SAI of Turkey examined the Traffic Information Systems and found out that not only IT infrastructure determined the audited IT project's outcomes. There were also non-IT issues that decided: low ... quality of driving education, poor technical infrastruture, as well as lack of monitoring and coordination at prioritization stage.
Full description

The National Offender Management Information System (NOMIS)
This report examines the reasons for the delays and cost increases to the original integrated information system and, since the moratorium imposed by the Minister of State in order to seek options ... for project’s cost reduction, the aims of the revised National Offender Management Service (NOMS) and the progress made, the impact of the delays and rescoping on the costs and benefits achieved, and NOMS ... ’ fitness to deliver. The aim of one integrated information system (C-NOMIS i.e. National Offender Management Information System) was to improve information sharing about offenders; address the lack ... Rescoping necessary, but not fully successful ... An initiative to build a single offender management IT system for the prison and probation services has not delivered value for money. The NAO investigation found the project had been hampered ... by poor management leading to a three-year delay, a doubling in project costs and reductions in scope and benefits.
Full description

Management and implementation of 1BestariNet
1BestariNet Service Project (1BestariNet) is an initiative undertaken by the Malaysian Ministry of Education (MOE) to replace and enhance ICT connectivity in schools. It is an enhancement ... to the SchoolNet service which terminated on 31 December 2010 with emphasis on end-to-end solutions (E2E) network services together with Virtual Learning Environment (VLE). Under this project, 10,000 primary ... and secondary public schools in Malaysia are equipped with high-speed 4G Internet access and a virtual learning platform, providing high-speed internet connectivity and access to a world-class Integrated Learning ... ... To answer big risks in IT systems development you need all levels of organisation ... Audit of 1BestariNet is presented by the Malaysian National Audit Department together with other IT projects reviewed. A result is this concise and instructive list of lessons learnt and failures ... to be avoided. To maximize performance and minimize vendor lock-in you need a lot of concerted effort by top and line management, as well as users ready to work with new tools.
Full description

Is the project 'E-health in Latvia' a step towards the right direction?
Objective of the audit was to verify efficiency and productivity of the actions by the institutions in charge for implementation of the e-health, as well as to audit economy and productivity of use ... of funds invested in the project for achievement of set objectives and gaining the planned benefits. Audit covered such main questions: 1) Will the e-health policy be able to solve problems and achieve ... the objective? 2) Are the actual activities performed by the National Health Service justified for achievement of the set objectives? 3) Will necessary information security and personal data protection be ensured ... E-health is a step forward in right direction, but not all objectives will be reached! ... Project “E-health in Latvia” supports healthy lifestyle, it will provide valuable and accessible information and will promote more efficient provision of services to patients. It is undoubtedly ... a step towards the right direction then. However, as found the Latvian SAI, the e-health policy will not be implemented within the initially planned scope and deadline and within set data security levels ... , thus the objective of this policy – to promote more effective provision of healthcare services will be attained only partially.
Full description