41
results found in
11 ms
Page 1
of 5
Extract from the report to the Public Accounts Committee on the access to IT systems that support the provision of essential services to the Danish society
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
The report is focused on the significant risk that is associated with inadequate management and control of domain administrator privileges, which makes it possible for unauthorized persons to obtain ... access to the IT systems and data of the institutions. Rigsrevisionen has not examined for what specific purposes unauthorized access to the institutions’ systems and data can be used. ... ... Inadequate management and control of domain administrator privileges ... The Danish report concerns the measures - taken by six government institutions of various branches of State activities - to protect IT systems and data that support the provision of essential ... services to the Danish society from unauthorized access, obtained on the basis of domain administrator privileges.
Full description
National Audit Office of Denmark
, issued in 2015
Risk cases: 4
State funds spent on development, operation and using of data centres services
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
Supreme Audit Office of Czech Republic
, issued in 2015
Risk cases: 7
Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 2
Material–technical supply of the State Police
The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... . The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
The main aim of the audit was to obtain assurance about whether the State budget funds allocated for material–technical supply of functions of the State Police were legitimate and efficient ... . The audit included inspections performed at the State Police, the Ministry of the Interior and the Information Centre and focused on: the Biometric data processing system and the Criminal Procedure ... information system. ... ... Essential role of pre-project evaluation ... SAI of Latvia reveals chain of events that lead to unsuccessful implemenation of two important IS of the State police. What started with an absence of the strategy ended up with budget, time ... overruns and an IS not ready for effiecient use.
Full description
State Audit Office of the Republic of Latvia
, issued in 2013
Risk cases: 6
Submission of data to national databases in municipalities, towns and cities
must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
National Audit Office of Estonia
, issued in 2013
Risk cases: 1
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Storage of Electronic Documents and Data at the National Archives of Latvia
Ever since electronic documents with legal force equivalent to that of paper documents have entered our daily lives and the majority of state administration processes have been transferred ... to electronic information systems, the role of the archives has become unclear — whether an inhabitant can rely on that the archives will be able to issue statements in the areas, which are currently processed ... in electronic form, many years later.<br/> The audit concerning the storage of electronic documents was carried out in order to assess the development of the area of electronic document circulation and storage ... ... Do Archives ensure the storage of e-documents? ... National archives fulfil an important function for storing the documentary heritage and became one of the most important sources of information. But after electronic documents have entered our daily ... lives and majority of state administration processes have been transferred to electronic information systems, the archives still have a lot of work to do for improving the storage of electronic documents ... . SAI Latvia analysed causes of over 12 years with no progress in this domain.
Full description
Ever since electronic documents with legal force equivalent to that of paper documents have entered our daily lives and the majority of state administration processes have been transferred ... to electronic information systems, the role of the archives has become unclear — whether an inhabitant can rely on that the archives will be able to issue statements in the areas, which are currently processed ... in electronic form, many years later.<br/> The audit concerning the storage of electronic documents was carried out in order to assess the development of the area of electronic document circulation and storage ... ... Do Archives ensure the storage of e-documents? ... National archives fulfil an important function for storing the documentary heritage and became one of the most important sources of information. But after electronic documents have entered our daily ... lives and majority of state administration processes have been transferred to electronic information systems, the archives still have a lot of work to do for improving the storage of electronic documents ... . SAI Latvia analysed causes of over 12 years with no progress in this domain.
Full description
State Audit Office of the Republic of Latvia
, issued in 2015
Risk cases: 3
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Preparations and realization of the State A-levels
operation was performed from May to November 2011. The audited period extended from January 1, 2005, to June 30, 2011; where relevant, the data from the previous period and the period until the end ... The aim of the audit was to scrutinise the utilisation of the state budget and EU budget funds that had been spent on preparing and implementing the State A-levels examinations. The auditing ... of the auditing operation were also scrutinized. Among the audited bodies were the Ministry of Education, the Education Result Survey Centre, and the National Institute for Further Education. The auditing operation ... ... Begin with good strategy ... Analyzing problems of state examinations system, Czech Republic SAI found that commonplace strategy effected in shortsighted planning, poor procurement and disadvantageous contracting.
Full description
operation was performed from May to November 2011. The audited period extended from January 1, 2005, to June 30, 2011; where relevant, the data from the previous period and the period until the end ... The aim of the audit was to scrutinise the utilisation of the state budget and EU budget funds that had been spent on preparing and implementing the State A-levels examinations. The auditing ... of the auditing operation were also scrutinized. Among the audited bodies were the Ministry of Education, the Education Result Survey Centre, and the National Institute for Further Education. The auditing operation ... ... Begin with good strategy ... Analyzing problems of state examinations system, Czech Republic SAI found that commonplace strategy effected in shortsighted planning, poor procurement and disadvantageous contracting.
Full description
Supreme Audit Office of Czech Republic
, issued in 2011
Risk cases: 4
Report on the problems connected with the development and implementation of the digitally based Shared Medication Record
. and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
. and relevant health staff and the patients have direct digital access to updated medical data round the clock. The report answers the following questions: 1) Has the Ministry of Health and the NHA provided ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2