159
results found in
12 ms
Page 1
of 16
Report on the problems connected with the development and implementation of the digitally based Shared Medication Record
ensured an adequate level of IT security? 4) Has the Ministry of Health informed the Finance Committee of the Danish Folketing (parliament) correctly on the development and implementation of the SMR system? ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
ensured an adequate level of IT security? 4) Has the Ministry of Health informed the Finance Committee of the Danish Folketing (parliament) correctly on the development and implementation of the SMR system? ... The purpose of the examination was to assess whether the department of the Danish Ministry of Health, the Danish National eHealth Authority (NHA) and the five regions that are responsible ... for the hospitals have made an adequate effort to develop and implement the Shared Medication Record (SMR). With the SMR, data on the citizens’ medication can be shared across hospitals, general practitioners, etc ... ... Involvement of key participants necessary from the very beginning ... Digitally based Shared Medication Record is basis of the complex healthcare system. Rigsrevisionen analysed unsolved issues related to unclear business case, insufficient analysis of work flows ... and processes leading to implementation problems, governance not involving key players, and IT security organisation.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
The protection of IT systems and health data in three Danish regions
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
Security to be improved in IT systems with health data It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect there liability and availability of important health data used in the treatment of hospital patients. Based on the results of the study and the current threat scenario, Rigsrevisionen finds that basic security measures against cyber attacks and protection of access to IT systems and health data should be a top priority for Denmark’s five regions. Basic security measures in combination with management and control of user privileges can reduce the risk of compromising the regions’ IT systems and data considerably.
Full description
National Audit Office of Denmark
, issued in 2018
Risk cases: 3
Results of the development of the state’s information systems
, several measures have been implemented in the state to organise the development better and to guarantee that the systems are compatible. This audit gives an opinion of the results of development project ... The National Audit Office has repeatedly audited the management and development of the state’s information technology (IT) area in the last ten years. The last audit was performed in 2005. After that ... management and the state’s coordination mechanism in this process. ... ... Success and failure depend on preparation ... Conclusions of performance IT audit based on a sample of government projects: business portal, land register, e-police, fire safety monitoring system, childcare information system and the document ... management system of the Defence Forces. Key problems and discussion with auditees are presented.
Full description
, several measures have been implemented in the state to organise the development better and to guarantee that the systems are compatible. This audit gives an opinion of the results of development project ... The National Audit Office has repeatedly audited the management and development of the state’s information technology (IT) area in the last ten years. The last audit was performed in 2005. After that ... management and the state’s coordination mechanism in this process. ... ... Success and failure depend on preparation ... Conclusions of performance IT audit based on a sample of government projects: business portal, land register, e-police, fire safety monitoring system, childcare information system and the document ... management system of the Defence Forces. Key problems and discussion with auditees are presented.
Full description
National Audit Office of Estonia
, issued in 2010
Risk cases: 3
Management of IT security in systems outsourced to external suppliers
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
Security to be improved in IT processes outsourced to external suppliers When IT processes are outsourced to external suppliers, the authorities no longer have direct control of the IT security, but remain responsible for managing the security of the IT. Authorities that fail to manage IT security actively based on risk assessments, and omit to monitor the implementation of these requirements, will not be able to determine if the level of IT security in the outsourced systems safeguards their systems and data. This is how the conclusion of the Rigsrevisionen starts. The Danish auditors noticed improvement in the audited entities, but they add that tha majority of the auditees: can refine their requirements for and follow-up on access control and logging practices
Full description
National Audit Office of Denmark
, issued in 2016
Risk cases: 3
Cyber Attacks: Securing Agencies’ICT Systems
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... posture of the selected agencies, based on their implementation of the four mandated mitigation strategies and IT general controls. In the government sector, the Australian Signals Directorate (ASD) has ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps. ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching
Full description
were considered serious enough to warrant a Cyber Security Operations Centre response. <br/> The protection of Australian Government systems and information from unauthorised access and use is a key ... posture of the selected agencies, based on their implementation of the four mandated mitigation strategies and IT general controls. In the government sector, the Australian Signals Directorate (ASD) has ... Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion ... ... Cyber-security strategy needs consistent implementation and periodic reviews ... application, 3. patching operating systems, 4. minimising administrative privileges. Analysis by the ANAO helps to fill gaps and to direct next steps. ... List of 35 mitigation controls against cyber intrusions are a basic tool of information security strategy of the Australian Government. Top four are: 1. application whitelisting, 2. patching
Full description
The Australian National Audit Office
, issued in 2014
Risk cases: 3
The Board of Audit and Inspection (BAI) conducted an audit on the information systems in the area of service delivery to improve the system’s efficiency and convenience.
for citizens in the welfare and employment sectors by utilizing the renewed information infrastructure.<br/> However, the information system of some government ministries proved to have overlapping functions ... and there was a noticeable lack of connectivity between them. Errors and omitted data by the administrators were discovered as well, leading to the citizens losing faith in the system. ... Korea was recognized as an Information Technology (IT) powerhouse by the international community of the UN in 2010. Such an achievement is attributable to the significant investments that the Korean ... Enormous IT investments require tremendous coordination ... Korean government is investing 1 trillion won in e-government projectsevery year. Thus, the country has earned a reputation for the IT powerhouse. Apart from undeniable advantages, the huge scale ... and the speed, the information technologies are implemented with, cause some problems to be tackled. The SAI Korea turns special atention to two of them: overlapping functionalities and interconnectivity issues.
Full description
for citizens in the welfare and employment sectors by utilizing the renewed information infrastructure.<br/> However, the information system of some government ministries proved to have overlapping functions ... and there was a noticeable lack of connectivity between them. Errors and omitted data by the administrators were discovered as well, leading to the citizens losing faith in the system. ... Korea was recognized as an Information Technology (IT) powerhouse by the international community of the UN in 2010. Such an achievement is attributable to the significant investments that the Korean ... Enormous IT investments require tremendous coordination ... Korean government is investing 1 trillion won in e-government projectsevery year. Thus, the country has earned a reputation for the IT powerhouse. Apart from undeniable advantages, the huge scale ... and the speed, the information technologies are implemented with, cause some problems to be tackled. The SAI Korea turns special atention to two of them: overlapping functionalities and interconnectivity issues.
Full description
Board of Audit and Inspection of Korea
, issued in 2011
Risk cases: 3
Auditing the National Rationing System
The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
The audit was to investigate the data quality, validity and reliability of two sub-systems (Ration Card and Ration Distribution) of a National Rationing System (Ration System) with the comparison ... to the rules and regulations in order to make an assessment of soundness of the Ration system and its related operations. ... Unreliable databases trigger all kinds of possible problems ... Ministry responsible for functioning of the National Rationing System developed to automate and optimize the delivery of essential subsidized commodities to eligible beneficiaries and providing state ... with reliable information fails its job.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 4
Municipalities’ internal control system – Audit of the establishment and operation of the internal control system of municipalities – on the audit of Rudabánya
Incomplete internal control The SAI Hungary published the compliance audit of the establishment and operation of the internal control system, as well as certain investment decisions, their implementation and accounting at the Local Government of Rudabánya. Apart from positive findings, some accounting irregularities and insufficient controls established to ensure organisational integrity were pointed out.
Full description
Incomplete internal control The SAI Hungary published the compliance audit of the establishment and operation of the internal control system, as well as certain investment decisions, their implementation and accounting at the Local Government of Rudabánya. Apart from positive findings, some accounting irregularities and insufficient controls established to ensure organisational integrity were pointed out.
Full description
State Audit Office of Hungary
, issued in 2018
Risk cases: 2
Traffic Ticketing information system
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic ... tickets) and also the internal environment of the System that guarantees the quality of its performance and safety. ... Security can hinder effectiveness ... SAI of Kuwait analysed system supporting collection of the traffic tickets - data input, processing and management. What was found was lack of basic safety measures, that hindered the effectiveness ... of the system.
Full description
State Audit Bureau of Kuwait
, issued in 2014
Risk cases: 3
Building and Implementing the Phoenix Pay System
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Expensive IT project became a failure Phoenix project (development of states pay system) was an incomprehensible failure of project management and oversight. Phoenix executives prioritized certain aspects, such as schedule and budget, over other critical ones, such as functionality and security. Phoenix executives did not understand the importance of warnings that the Miramichi Pay Centre, departments and agencies, and the new system were not ready. They did not provide complete and accurate information to deputy ministers and associate deputy ministers of departments and agencies, including the Deputy Minister of Public Services and Procurement, when briefing them on Phoenix readiness for implementation.
Full description
Office of theAuditor Generalof Canada
, issued in 2018
Risk cases: 3