Report of Mr. V. K. Shunglu, Comptroller and Auditor General of India and Chairman of the INTOSAI Standing Committee on EDP Audit to the XVI INCOSAI.
Montevideo, Uruguay: November 1998
Mr. Chairman and distinguished colleagues,
I have the honour to present this report on the INTOSAI Standing Committee on EDP Audit.
The INTOSAI Standing Committee on EDP Audit was constituted in June 1989 and completes 9 years of operation. The central objective of the Committee is to support SAIs in developing their knowledge and skills in the use and audit of Information Technology (IT). Towards this end the Committee is mandated to provide information and facilities for exchange of experiences, and to encourage bilateral and regional co-operation.
A major milestone for the Committee was the adoption of a work plan for 1995-98 during the XV Congress of INTOSAI in September-October 1995 at Cairo. This has formed the basis of the committee's activities in the past 3 years. The steady increase in the membership of the committee is a measure of its growing relevance . The membership now stands at 18 from the original 12. The present composition of the Committee is given in the annexure to this report.
AREAS OF OPERATION:
The Committee has three main areas of operation, each of which was originally assigned to a separate Working Group within the Committee :-
* Audit of EDP-based accounting systems and EDP support in auditing
* Performance auditing of use of EDP systems
* Use of EDP in SAI’s own administration
The original convenors of these working groups were Canada, Sweden and UK. The working groups were reconstituted into two at the April Meeting of the Committee in 1997 viz:
Working Group I: Performance Auditing of the use of EDP Systems with Sweden as convenor.
Working Group II : Audit of EDP-based accounting systems, EDP audit training and EDP support in auditing with UK as Convenor.
The committee has met twice at London and Stockholm since the XV INCOSAI where the status of various projects were reviewed , priorities were established and plan of action for each project determined.
I will now briefly describe the status of various projects.
In the area of "Information Interchange" several activities have taken place. The INTOSAI EDP directory has been updated and is available both in a printed form and as a CD. Six issues of the journal intoIT have been published and circulated to all members of INTOSAI and have been well received. The Second Seminar on IT Performance Audit was held in May this year and it covered 6 theme areas. Participants from 20 SAIs attended this seminar. The seminar output is programmed for circulation in December 1998. A new product -an Electronic Compilation of SAI Mandates- has been produced on a CD for use as a reference tool. This incorporates the mandates of over 125 member SAIs. I am also happy to inform the delegates that initial steps to host a Web site for the committee have been taken .
In the area of "Knowledge and Skill Development", IT Audit Courseware has been developed and circulated to the Regional Working Groups of INTOSAI. Course Overviews have been circulated to all member SAIs. Additionally a Reference List of Materials on Performance Audit was circulated to all SAIs in February 1997.
In the area of "Knowledge Development and Transfer" a draft paper was prepared on EDI and Paperless Audit by SAI Sweden and articles have appeared in the Third Issue of intoIT. A short paper on Auditing in a Client Server Environment has been prepared and circulated for suggestions and comments .This will be followed up by an article in intoIT. Further a research paper on Performance Audit Methods for Analysing Effectiveness of Use of New Technologies has been produced by SAI Sweden and has been published as a special one item issue of intoIT(7th issue). Though not part of the Work plan, the Year 2000 Problem, on account of its topicality and its potential impact, was taken up as a project. Articles on the subject would feature in the 8th Issue of intoIT. The topic was also discussed during the 2nd Performance Auditing Seminar .
I now come to the Work Plan of the Committee till the XVII INCOSAI. We continue to group all planned activities and projects under the three broad areas namely Information Interchange ; Knowledge and Skill Development and Knowledge Development and Transfer.
In the field of Information Interchange the committee plans to continue publication of two issues of intoIT annually . Beginning from the 9th issue intoIT will also feature on the Committee's Webpage. The EDP Directory has been appreciated for its contribution in furthering bilateral and regional co-operation by providing an information base for SAIs .The 3rd update of the directory would be available in 2001. As part of the established practise of dealing with complex issues through periodic seminars , it is planned to organise another Seminar on Performance Audit in 2001 in Slovenia. The Committee Webpage would be further developed after taking into account views of members. The current Compilation of SAI Mandates would be updated to include mandates of remaining SAIs as also to reflect any changes in the mandates. Members are requested to apprise us of their mandates/changes to enable us to periodically update this compilation.
On the activities relating to Knowledge and Skill Development , feedback would be obtained from different regions on their experiences in using the IT Audit Courseware and based on this , the courseware can be updated. The possibility of producing a CD-ROM version of the courseware would also be explored. Building up on the basic IT Audit Courseware , the committee will prepare Advanced Training Modules in selected and specialised areas. The Reference List of Materials on IT Performance Auditing will be kept updated throughout the 3 years , through articles in intoIT and the Committee Webpage
The committee plans to continue with its activities in pursuance of its declared objective of supporting and promoting development and transfer of knowledge relating to IT audit. The work on the project EDI and the Paperless Audit will continue and EDI and its audit implications will be the focus of a future issue of intoIT. As regards the study Auditing in a Client Server Environment , a revised paper will be printed as an article in the intoIT. The Year 2000 problem will be kept in focus through articles and news items in intoIT, as also on the Internet Webpage of the Committee. The committee also plans to initiate three new studies in the areas of Audit implications of IT infrastructure Management, Detection and Prevention of IT related fraud and Computer related Communications Security.
On behalf of my colleagues in the Committee and myself , I thank the Chairman and my distinguished colleagues for their guidance, encouragement and support to this committee.
ANNEXURE:
LIST OF MEMBERS OF THE COMMITTEE:
|
India (Chairman) |
Austria |
Barbados |
Brazil |
|
Canada |
Colombia |
Costa Rica |
Cuba |
|
Ecuador |
France |
Kiribati |
Kuwait |
|
Japan |
Russian Federation |
Slovenia |
Sweden |
|
UK |
Zimbabwe |