139
results found in
14 ms
Page 3
of 14
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Management of Police Information Resources
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
Police tasks of the necessary data are processed departmental registers, information systems, automated data processing systems and networks where information is stored, processed and transferred ... , monitoring, evaluation and coordination and other aspects of registers and IS strategic management. The audited period was 2012-2014. For the analysis, there were used previous data and data of 2015 ... to the classified information. The police department has all of these information resources, so the audit focused on the activities and actions of the Department to ensure planning and organizing of the recourses ... ... Fundamentals of IT organisation ... Review by SAI Lithuania makes readers aware that nowadays it is difficult to develop a larger IT system without whole conceptual infrastracture: planning composed into strategy of the organisation ... and well understood architecture of information. Well functioning IT management structures, which on the other hand may sound trivial, were proved here as the key to success.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2015
Risk cases: 4
Australian Taxation Office: Administration of Australian Business Number Registrations
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
More elligibility and data integrity needed The Australian Business Number (ABN) and Australian Business Register initiatives were implemented as part of theGovernment's comprehensive reform of the taxation system in 2000. Their introduction involved challenging issues of technology and governance , including the imperative to process and register significant numbers of applications in a short time. Overall, the Australian SAI concluded that the ABN registration process is operating effectively. However, matters relating to the eligibility of some ABN applicants need to be reviewed. Further, some data integrity issues remain outstanding.
Full description
The Australian National Audit Office
, issued in 2003
Risk cases: 3
State funds spent on development, operation and using of data centres services
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
Supreme Audit Office of Czech Republic
, issued in 2015
Risk cases: 7
The information system of the Public Real Estate Registry does not enable the recording of data in a completely efficient manner
Users to be involved SAI Serbia analysed the Public Real Estate Registry. Starting from missing involvement of users, primary goals of the project were not met. Key issues regarding data input and access are discussed in the text.
Full description
Users to be involved SAI Serbia analysed the Public Real Estate Registry. Starting from missing involvement of users, primary goals of the project were not met. Key issues regarding data input and access are discussed in the text.
Full description
State Audit Institution
, issued in 2019
Risk cases: 3
Smart tax administration system
Smart tax vs. shadow economy Lithuanian taxpayers use the e-services and the Lithuanian state uses a data analytics centre to handle part of the identified data modelling. The smart tax administration project's objetives are to enhance the positive processes. As the SAI Lithuania discovered, due to the implementation weaknesses, however, the project's success may be partially reduced.
Full description
Smart tax vs. shadow economy Lithuanian taxpayers use the e-services and the Lithuanian state uses a data analytics centre to handle part of the identified data modelling. The smart tax administration project's objetives are to enhance the positive processes. As the SAI Lithuania discovered, due to the implementation weaknesses, however, the project's success may be partially reduced.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2019
Risk cases: 5
Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 3
General and Creation Control of the Information Systems of the Ministry of Foreign Affairs
achieved considerable progress in the management of the information systems. The auditors reviewed and assessed all key elements of the process. ... The objective of the audit was to assess general and creation control of the information systems of the Ministry of Foreign Affairs. Since the beginning of 2009, the Ministry of Foreign Affairs has ... Overview of problems - area by area ... SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.
Full description
achieved considerable progress in the management of the information systems. The auditors reviewed and assessed all key elements of the process. ... The objective of the audit was to assess general and creation control of the information systems of the Ministry of Foreign Affairs. Since the beginning of 2009, the Ministry of Foreign Affairs has ... Overview of problems - area by area ... SAI Lithuania looked into all critical elements of a Ministry's information system, starting from IT architecture, through information security to automation of data processing.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 4
Open Government Data - Are all exceptions to the principle of cost-free access and reuse legitimate?
The United Kingdom, a country seen, like the United States, as a pioneer in open public data, has estimated at £6.8bn (€7,9bn) the revenue in 2010 and 2011 generated for British society by open ... public data, of which £5bn (€5.8bn) is profit. As an example, a start-up has highlighted the existence of areas in which massive savings can be made by analysing prescriptions of patented drugs ... models for all existing fee regimes applied to the use of public data, notably by auditing the relevant costs and revenue" and has entrusted to me the task of providing input for that assessment.<br ... ... Open data strategy should decide the costs problem ... French Cour des comptes presents analysis on implementation of the open data practice across the administration. Massive savings are expected, when public access to large amounts of highquality data ... is made easy. France is among the pioneers and countries making the most rapid progress in this domain. Charges for the reuse of the public information has been identified as the main problem.
Full description
The United Kingdom, a country seen, like the United States, as a pioneer in open public data, has estimated at £6.8bn (€7,9bn) the revenue in 2010 and 2011 generated for British society by open ... public data, of which £5bn (€5.8bn) is profit. As an example, a start-up has highlighted the existence of areas in which massive savings can be made by analysing prescriptions of patented drugs ... models for all existing fee regimes applied to the use of public data, notably by auditing the relevant costs and revenue" and has entrusted to me the task of providing input for that assessment.<br ... ... Open data strategy should decide the costs problem ... French Cour des comptes presents analysis on implementation of the open data practice across the administration. Massive savings are expected, when public access to large amounts of highquality data ... is made easy. France is among the pioneers and countries making the most rapid progress in this domain. Charges for the reuse of the public information has been identified as the main problem.
Full description
Cour des comptes
, issued in 2013
Risk cases: 1