15
results found in
13 ms
Page 1
of 2
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
FEMA Needs to Address Management Weaknesses to Improve Its Systems
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
Controls in emergency management GAO audited the agency of the Department of Homeland Security, responsible for federal efforts to mitigate, respond to, and recover from disasters. American auditors recommend that the agency fully define its investment board’s roles and responsibilities and procedures for selecting and overseeing investments, update its strategic plan and complete plans for IT modernization, and establish time frames for completing workforce planning efforts. The agency should also establish policies and guidance for implementing key IT management controls.
Full description
General Accountability Office
, issued in 2016
Risk cases: 4
Use of consultants and temporary staff
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
New skills needed in a longer term UK NAO: Used well, consultants and temporary staff can be an important source of specialist skills and capabilities that are uneconomic for departments to maintain in their permanent staff. Since 2009-10, the government has used spending controls to reduce its use of consultants and temporary staff, and by 2014-15 spending had fallen by £1.5 billion. However, spending has increased by between £400 million and £600 million since 2011-12, suggesting that this was more of a short-term reduction than a sustainable strategy. In the longer term, departments will need to develop workforce, skills and capacity plans to reduce their dependence on external skills. They will need to improve their strategic workforce planning to determine where they can deploy existing staff, where they need to recruit, and where they need to engage temporary resources. Without this, departments cannot demonstrate that they are achieving value for money from the use of consultants and temporary staff.
Full description
National Audit Office
, issued in 2016
Risk cases: 7
VETERANS’ HEALTH CARE - Preliminary Observations on VHA’s Claims Processing Delays and Efforts to Improve the Timeliness of Payments to Community Providers
Due to increases in expenditures and utilization of VA care in the community services in recent years, VHA has had difficulty processing claims in a timely manner. In planning to consolidate its ... VHA’s timeliness in processing claims; (3) community providers’ experiences; and (4) VHA’s recent actions and plans to improve its claims processing and payment timeliness. To conduct its ongoing work ... existing VA care in the community programs, as required by law, the agency said it will examine strategies for improving the timeliness and accuracy of its payments to community providers.<br ... Data processing hold back by technology limitation, workload and administrative burden ... US GAO analyzed all factors of slower processing and user unfriendliness that occur sometimes to the veterans healthcare. The main focus is data processing - and it has been proved that it can ... be failing not only because of technology, but also because of work-process design, staff and organisation.
Full description
Due to increases in expenditures and utilization of VA care in the community services in recent years, VHA has had difficulty processing claims in a timely manner. In planning to consolidate its ... VHA’s timeliness in processing claims; (3) community providers’ experiences; and (4) VHA’s recent actions and plans to improve its claims processing and payment timeliness. To conduct its ongoing work ... existing VA care in the community programs, as required by law, the agency said it will examine strategies for improving the timeliness and accuracy of its payments to community providers.<br ... Data processing hold back by technology limitation, workload and administrative burden ... US GAO analyzed all factors of slower processing and user unfriendliness that occur sometimes to the veterans healthcare. The main focus is data processing - and it has been proved that it can ... be failing not only because of technology, but also because of work-process design, staff and organisation.
Full description
General Accountability Office
, issued in 2016
Risk cases: 6
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
of SEC’s key financial systems and information. To do this, GAO examined information security policies, plans, and procedures; tested controls over key financial applications; interviewed agency officials ... The SEC is responsible for enforcing securities laws, issuing rules and regulations that provide protection for investors, and helping to ensure that the securities markets are fair and honest ... . In carrying out its mission, the SEC relies on computerized information systems to collect, process, and store sensitive information, including financial data. Having effective information security controls ... IT security basics under scrutiny ... Financial audit by US GAO was accompanied by an IT examination focused on information security measures in the Securities and Exchange Commission (SEC). GAO found that SEC’s systems could ... be compromised, because of risks jeopardizing the confidentiality, integrity, and availability of sensitive financial information.
Full description
General Accountability Office
, issued in 2016
Risk cases: 5
The National Government Service Centre – Has administration become more effective?
The purpose of this audit has been to investigate whether the Service Centre has made administrative operational support functions taken over from client agencies more effective, and to find ... explanations for the results so far achieved by the Service Centre. The audit has also aspired to illustrate how agencies that do not subscribe to the services regard their potential for doing so ... . These viewpoints have been analysed with a special focus on the conditions that applied to the Service Centre when it was formed and the measures taken by the Government and the Service Centre in the first years. ... ... Has Swedish public administration become more effective? ... then introduced a rigorous review of its expenditure, for example for some planned development initiatives for internal procedures and support systems.<br/>The Swedish NAO noted that the Government’s steering ... The Service Centre – payroll and financial administration IT system for Swedish public agencies under the government – has achieved the target of a subscription rate of 25 per cent of the total ... number of state employees. However, subscription to the Service Centre was initially slower than the Government had predicted and meant lower revenues than expected in autumn 2013. The Service Centre
Full description
The purpose of this audit has been to investigate whether the Service Centre has made administrative operational support functions taken over from client agencies more effective, and to find ... explanations for the results so far achieved by the Service Centre. The audit has also aspired to illustrate how agencies that do not subscribe to the services regard their potential for doing so ... . These viewpoints have been analysed with a special focus on the conditions that applied to the Service Centre when it was formed and the measures taken by the Government and the Service Centre in the first years. ... ... Has Swedish public administration become more effective? ... then introduced a rigorous review of its expenditure, for example for some planned development initiatives for internal procedures and support systems.<br/>The Swedish NAO noted that the Government’s steering ... The Service Centre – payroll and financial administration IT system for Swedish public agencies under the government – has achieved the target of a subscription rate of 25 per cent of the total ... number of state employees. However, subscription to the Service Centre was initially slower than the Government had predicted and meant lower revenues than expected in autumn 2013. The Service Centre
Full description
Swedish National Audit Office
, issued in 2016
Risk cases: 2
Management of Information Resources of the Ministry of the Interior
of the audit was to assess the management of information resources in the Ministry of the Interior. We assessed how the Ministry ensures planning and organisation, monitoring, assessment and coordination ... Many activities of the Ministry of the Interior require the use of information resources that are of great significance to the entire State, such as the state and departmental registers, and public ... information systems. Whereas the Ministry has failed to implement some of the public audit recommendations of 2007 and 2010,6 we analysed, whether there have been any positive changes in the field of IT ... ... Process maturity examination can help in IT audit ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes.
Full description
of the audit was to assess the management of information resources in the Ministry of the Interior. We assessed how the Ministry ensures planning and organisation, monitoring, assessment and coordination ... Many activities of the Ministry of the Interior require the use of information resources that are of great significance to the entire State, such as the state and departmental registers, and public ... information systems. Whereas the Ministry has failed to implement some of the public audit recommendations of 2007 and 2010,6 we analysed, whether there have been any positive changes in the field of IT ... ... Process maturity examination can help in IT audit ... Main risk areas in case of this audit were strategic and organisational - Ministry’s weak ownership of IT resources, insufficient audit and internal control function. SAI Lithuania auditors found ... also flaws in change management and security processes. But the finding, which gave them the key to the root cause of problems, was connected with maturity assessment of the auditee's IT processes.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2016
Risk cases: 4
Homelessness
Homelessness grows despite increased spendings to reduce it British NAO analyses the root-causes of unsuccessful effort to reduce homelessness in England. They point at a side effect of the Goverment reform of welfare reform and at lack of full impact assessment.
Full description
Homelessness grows despite increased spendings to reduce it British NAO analyses the root-causes of unsuccessful effort to reduce homelessness in England. They point at a side effect of the Goverment reform of welfare reform and at lack of full impact assessment.
Full description
National Audit Office
, issued in 2016
Risk cases: 3
The Shared Services Centre
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The necessary environment for the efficient management of the Shared Service Center is lacking The department's administration of the Shared Services Centre (SSC) has been effective for sharing resources between the departments and delivering selected back-office services to a small client base. However, the governance arrangements established to oversight the SSC have not positioned it well for the future and the departments have not yet determined if the arrangement is efficient and resulting in savings. ANAO found instances where the advisory board of SSC was not consulted or involved in decisions relating to the strategic direction, financial arrangements and expenditure priorities. Information reported to the board did not focus on areas of strategic importance and the quality and completeness of this information could be improved. The mechanisms established for setting out responsibilities and obligations and ensuring transparency for services delivered by the SSC was weak. Service standards and levels were not fixed and can change. The delineation of responsibilities between the SSC and its clients was not clear and there was no commitment by the SSC to certify the quality of its control framework.
Full description
The Australian National Audit Office
, issued in 2016
Risk cases: 2
Federal Agencies Need to Address Aging Legacy Systems
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
Be aware of legacy IT risks The US government spends about 75 percent of the total amount budgeted for information technology on operations and maintenance. GAO reviewed Office of Management and Budget and 26 agencies, covering years 2010 through 2017 and recommends to develop a goal for spending measure and finalize guidance to identify and prioritize legacy IT needing to be modernized or replaced.
Full description
General Accountability Office
, issued in 2016
Risk cases: 3