IT Performance Audit: Links to Published Audit Reports 


Updated: Thursday October 02, 2008

Index

Australia - Australian National Audit Office

Bermuda - Office of the Auditor General

Canada - Office of the Auditor General of Canada

Denmark - National Audit Office of Denmark

Estonia (Riigikontroll)

Finland - State Audit Office

Hong Kong - Audit Commission

India - Office of the Comptroller and Auditor General

Israel - Office of the State Comptroller and Ombudsman

Ireland - Office of the Controller and Auditor General

Japan - Board of Audit of Japan

Korea - The Board of Audit and Inspection

Malta - National Audit Office

Mauritius - Office of the Director of Audit

New Zealand - Office of the Comptroller and Auditor-General

Norway - Riksrevisjonen (Office of the Auditor General of Norway)

Oman - State Audit Institution

Romania - Court of Accounts

Sweden - Riksrevisionen (Swedish National Audit Office)

Thailand - Office of the Auditor General of Thailand

Turkey - Turkish Court of Accounts

United Kingdom - UK National Audit Office

United States of America - Government Accountability Office

Australia

Australian National Audit Office

Report

Summary

Management of Internet Portals at the Department of Family and Community Services
Tabled: 10 February 2004
 

Brochure

Report

The primary objective of the audit was to assess FaCS' (Department of Family and Community Services) management of the Internet portals for which it had responsibility as lead agency: www.youth.gov.au, www.community.gov.au, and www.families.gov.au. The ANAO also included in the audit a website directed towards youth, The Source, which provided many of the services expected of a portal. The audit considered governance structures for the portals; measurement of efficiency and effectiveness; and control factors, such as change management, security, and legal issues.

Quality Internet Services for Government Clients - Monitoring and Evaluation by Government Agencies
Tabled: 20 February 2004
 

Brochure

Report

The objective of this audit was: to form an opinion on the adequacy of selected agencies' approaches to monitoring and evaluation of government programs and services delivered on the Internet; and to identify better practices and opportunities for improvement. In order to achieve this objective, the audit examined the websites and Internet-delivered services of five agencies.

The Australian Taxation Office's Collection and Management of Activity Statement Information
Tabled: 03 March 2004
 

Brochure

Report

The audit reviewed the ATO's collection and management of activity statement information. The audit paid particular regard to: the environment into which activity statements were introduced; taxpayer concerns with activity statement administration; the mechanisms the ATO uses to capture and process activity statements; the change processes the ATO uses to change and test activity statement IT systems; and the management methodology used to report on, and assess the performance of, activity statement related systems and processes.

Corporate Governance in the Australian Broadcasting Corporation - Follow-up Audit
Tabled: 31 March 2004
 

Brochure

Report

In April 2002, the ANAO tabled Audit Report No.40 2001-02 'Corporate Governance in the Australian Broadcasting Corporation' (the 2002 audit). In August 2003, the ABC submitted a report to the Joint Committee of Public Accounts and Audit (JCPAA) on its progress in implementing the recommendations from the 2002 audit and the JCPAA report. This follow-up audit examined the ABC's implementation of recommendations from both reports, using the ABC's progress report as its base.

Information Technology in the Department of Veterans' Affairs-Follow-up Audit
Tabled: 15 June 2004
 

Brochure

Report

The objective of this audit was to follow up DVA's (Department of Veterans' Affairs) implementation of the recommendations in Audit Report No. 44, 2000-01, Information Technology in the Department of Veterans' Affairs. The ANAO made two recommendations in the report (the second having five parts). The recommendations addressed the monitoring of IT changes; IT performance information; information systems model documentation; and the facilitation of the interpretation of performance information.

The Implementation of CrimTrac
Tabled: 17 June 2004
 

Brochure

Report

The overall objective of the audit was to assess CrimTrac's progress in achieving the key deliverables it was established to provide, given that the agency had been in operation for some three years. The Australian Government provided $50 million for the implementation of CrimTrac, with an expectation that significant progress would be made within the first three years. The audit further examined whether CrimTrac had progressed the key deliverables efficiently and effectively, and whether the data either held by CrimTrac, or accessed through CrimTrac, for matching purposes is secure.

Control Structures as part of the Audit of Financial Statements of Major Australian Government Entities for the Year Ending 30 June 2004
Tabled: 30 June 2004
 

Brochure

Report

This report updates the ANAO's assessment of audit findings relating to major entity internal control structures, including governance arrangements, information systems and control procedures through to March 2004. The findings summarised in this report arise from the interim phase of the financial statement audits of major Australian Government entities for 2003/2004. Examinations of such findings are designed to assess the reliance that can be placed on control structures to produce complete, accurate and valid information for financial reporting purposes.
 

Integrity of Medicare Enrolment Data
Tabled: 10 February 2005
 

Brochure

Report

Medicare is Australia's universal health insurance scheme. Underpinning Medicare is one of Australia's largest and more complex computer databases, the Medicare enrolment database. At the end of 2004 the Medicare enrolment database contained information on over 24 million individuals. This audit examines the quality of data stored on that database and how the Health Insurance Commission (HIC) manages the data.
 

Measuring the Efficiency and Effectiveness of E-Government
Tabled: 10 February 2005
 

Brochure

Report

This audit was designed to identify the methods used by selected agencies to measure the efficiency and effectiveness of their delivery of services through the Internet, and to evaluate the adequacy of these methods. ANAO also identified better practices, lessons learned and opportunities for improvements.
 

IT Security Management
Tabled: 22 December 2005
 

Brochure

Report

This audit is a part of the ANAO's protective security audit coverage. The objective of this audit was to determine whether agencies audited had developed and implemented sound IT security management principles and practices supported by an IT security control framework, in accordance with Australian Government policies and guidelines. The audit at each agency examined the framework for the effective management and control of IT security, including the management of IT operational security controls and, where applicable, was based on the Australian Government protective security and information and communications technology (ICT) security guidelines that were current at that time.
 

Integrity of Electronic Customer Records
Tabled 15 March 2006

Brochure

Report

The audit examined aspects of the integrity and management of customer data stored on ISIS. In particular, the audit considered measures of data accuracy, completeness and reliability. The scope of the audit also extended to aspects of Centrelink’s IT control environment - in particular, controls over data entry.
 

Advance Passenger Processing
Tabled 16 March 2006

Brochure

Report

The objective of this performance audit was to assess whether DIMIA’s (Department of Immigration and Multicultural Affairs) information systems and business processes are effective in supporting APP to meet its border security and streamlined clearance objectives. In particular, the audit focused on the following: Mandatory APP - Stage 1 (MAPP1) project management; MAPP1 IT development and system performance; APP performance reporting; contract management; and financial management.
 

Internet Security in Australian Government Agencies
Tabled 13 June 2006

Brochure

Report

The audit objective was to form an opinion on the adequacy of a select group of Australian Government agencies’ management of Internet security, including following-up on agencies’ implementation of recommendations from the ANAO’s 2001 audit. The agencies audited were Australian Customs Service (ACS), Australian Federal Police (AFP), Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), Department of Employment and Workplace Relations (DEWR), Department of Industry, Tourism and Resources (DITR) and Medicare Australia. Factors considered in selecting agencies were agency size based on funding levels, whether the agency was included in ANAO’s 2001 audit (ACS, ARPANSA, and DEWR), whether the agency’s ICT was managed in-house or outsourced, and the nature of the agency’s website (that is, general or restricted access).
 

Tax Agent and Business Portals
Tabled 12 September 2006

Brochure

Report

The objective of the audit was to review the operation of the ATO’s (Australian Taxation Office) Tax Agent and Business Portals. In conducting the audit the ANAO examined three key areas: governance – the governance arrangements supporting ongoing management of the Portals; portals development, user satisfaction and realisation of expected benefits – the ATO’s processes for involving users in developing the Tax Agent and Business Portals, assessing user satisfaction, and evaluating business benefits arising from uptake of the Portals; and information technology (IT) security and user access controls – the ATO’s IT security environment and user access controls supporting the operation of the Tax Agent and Business Portals.
 

Recordkeeping including the Management of Electronic Records
Tabled 12 October 2006

Brochure

Report

The objective of the audit was to assess the extent to which entities were meeting their recordkeeping responsibilities. In particular, the audit examined how effectively the entities were managing records that were created and stored electronically in corporate recordkeeping systems and in other electronic systems in accordance with recordkeeping requirements.
 

Management of an IT Outsourcing Contract - Follow-up
Tabled 05 December 2006

Brochure

Report

The objective of this follow-up audit was to assess the extent to which DVA (Department of Veterans' Affairs) had implemented the recommendations from the original audit during the period 2002–06, including in its preparation of the IT outsourcing contract which will operate from 2007.

Recordkeeping in Large Commonwealth Organisations

No. 7, tabled 24/09/03

Brochure

Report

 

Modern electronic records and knowledge management techniques have allowed many organisations to identify opportunities for better performance. Some organisations are beginning to move to new approaches to recordkeeping. This transition is being assisted by recent developments in the recordkeeping profession in Australia and internationally. In this respect, the National Archives of Australia (National Archives) has developed, for example, e-permanence recordkeeping standards for Commonwealth organisations.

The audit objective was, for selected organisations, to:

• assess whether recordkeeping policies, systems and procedures were in accordance with relevant Government policies, legislation, accepted standards and recordkeeping principles, and applicable organisational controls; and

• identify better practices and recommend any improvements.

Business Continuity Management and Emergency Management in Centrelink

No. 9, tabled 23/10/03

Brochure

Report

 

The audit assessed whether Centrelink has effective Business Continuity Management and/or associated risk management procedures and plans in place that: minimise the likelihood of a significant business outage; and in the event of such an outage, minimise disruption of critical services to customers. The audit also assessed whether Centrelink services satisfy special community demands in times of emergency.

Control Structures as part of the Audit of Financial Statements of Major Commonwealth Entities for the Year Ending 30 June 2003

No. 61, tabled: 30/06/2003

Brochure

Report

 

The report summarises audit findings relating to entity internal control structures arising out of the interim financial statement audits of 21 Major Commonwealth entities for the year ending 30 June 2003. The interim audit examinations seek to update the ANAO's assessment of the internal control environment of entities reviewed, so as to determine whether reliance can be placed on those control structures to produce complete, accurate and valid information for financial reporting purposes.

Management of Specialist Information System Skills

No. 56, Tabled: 25/06/2003

Brochure

Report

 

The objective of the audit was to report to Parliament on the progress Defence has made since June 2001 in implementing appropriate strategies for recruiting, developing and retaining skilled IT personnel. The audit focused on management of specialist information system skills and did not examine skills needed by users of information systems, although the latter is of obvious importance for overall performance.

Goods and Services Tax Fraud Prevention and Control

No. 55, Tabled: 24/06/2003

Brochure

Report

 

The audit reviewed the Australian Taxation Office's fraud prevention and control arrangements in relation to the Goods and Services Tax. The audit objective was to assess whether the ATO has implemented administratively effective GST fraud control arrangements, consistent with the Commonwealth Fraud Control Guidelines.

Capitalisation of Software

No. 54, Tabled: 23/06/2003

Brochure

 

 

The audit examined the management of computer software assets at four Commonwealth bodies. It focused on the capitalisation of software for the purposes of annual financial reporting. The specific objectives were to: determine whether the selected bodies had established effective internal control frameworks for the capitalisation of externally acquired and internally developed software; and assess whether software costs were capitalised in accordance with organisational policy, accounting standards and relevant legislation.

Business Continuity Management Follow-on Audit

No. 53, Tabled: 23/06/2003

Brochure

Report

 

In January 2000, the ANAO published a Better Practice Guide (BPG) Business Continuity Management, Keeping the wheels in motion (the Guide). The Guide established that the objective of Business Continuity Management (BCM) is to ensure the uninterrupted availability of all key business resources required to support essential (or critical) business activities. This is achieved by organisations building resilience (controls and redundancy) into business operations to prevent, or minimise, the likelihood of business continuity risks occurring and, also, developing plans that minimise the impact should they occur. The primary objective of this audit was to examine BCM arrangements across four Commonwealth organisations, to assess whether their existing BCM frameworks (or frameworks under development) exhibit the principles espoused in the Guide. At the Commonwealth-wide level, the ANAO considered the continuing relevance of the principles presented in the Guide.

The ANAO concluded that the principles espoused in the Guide remain relevant to Commonwealth organisations when considering business continuity risks. The Guide also continues to provide useful information to assist organisations to establish and maintain BCM frameworks, controls and plans.

Monitoring of Industry Development Commitments under the IT Outsourcing Initiative

No. 36, Tabled 31/03/2003

Brochure

Report

 

The objective of the performance audit was to review the progress in the delivery of contractual commitments for Industry Development (ID) for the five contracts awarded under the IT Outsourcing Initiative. In particular, the audit examined the effectiveness of the monitoring by DCITA of achievement against contractual commitments for ID; assessed the impact of changes to the IT outsourcing environment on the management and monitoring of ongoing ID obligations; and identified practices that have improved administrative arrangements.

Management of e-Business in the Department of Education, Science and Training

No.33, Tabled 19/03/2003

Brochure

Report

 

The objective of the audit was to determine whether DEST has effective governance practices for its IT and e-Business; has adequate systems in place to measure the efficiency and effectiveness of its IT and e-Business; implements and maintains appropriate quality standards within its IT and e-Business systems; and implements proper controls, including risk management, to achieve maximum benefits from its IT and e-Business. The audit examined education and training services provided, or managed, by DEST via IT or the Internet.

Physical Security Arrangements in Commonwealth Agencies

No. 23, Tabled: 20/12/2002

 
Brochure

Report

Protective security involves the total concept of information, personnel, physical, information technology and telecommunications security. The Commonwealth's Protective Security policy is outlined in the Protective Security Manual (PSM). It provides specific guidance to agencies on the protection of the Commonwealth's assets, personnel and clients from potential security threats. This audit evaluated the protective security policies and practices of seven Commonwealth agencies to determine whether they had established an appropriate physical security control framework based on the principles outlined in Part E of the Commonwealth's Protective Security Manual. The ANAO also examined whether agencies had considered the risks of, and developed an appropriate policy statement on, the physical security arrangements for employees who work from home.

Health Group IT Outsourcing Tender Process

No.14, Tabled 29/10/2002


Brochure

The objective of this performance audit was to examine and report on the selection of the preferred tenderer in the Health Group IT outsourcing process. In particular, the audit examined the circumstances surrounding OASITO's administration of the: disclosure to a tenderer of information provided by other tenderers; subsequent acceptance of a late re-pricing offer from a tenderer; and advice to the decision-maker leading to the selection of the preferred tenderer.

Fraud Control Arrangements in the Department of Veterans' Affairs

No. 6, Tabled 29/08/2002

Brochure

Report

 

The ANAO reviewed arrangements for the development of the department's fraud policy, fraud risk assessment and fraud control plan within the core functional areas of the department that are responsible for these activities. The audit also examined the operational procedures and guidelines that were in place to implement the department's fraud policy. The objective of the audit was to assess whether DVA has implemented appropriate fraud control arrangements in line with the Fraud Control Policy of the Commonwealth and whether these arrangements operate effectively in practice.

Information Technology at the Department of Health and Ageing

No.1, Tabled 18/07/2002

Brochure

Report

 

The overall objective of the audit was to determine whether Health's management and operation of selected IT systems: met industry better practice; met quality and service delivery parameters set by Health and, if applicable, by the Government; and operate effectively, efficiently and economically. The audit applied selected processes from CobiT (Control Objectives for Information and Related Technology) to assist with the assessment of key aspects of Health's management and operation of IT. The audit builds on ANAO's earlier IT audits using CobiT.

Management of an IT Outsourcing Contract

No. 46, Tabled: 06/05/2002

Brochure

Report

The Department of Veterans' Affairs (DVA) uses IT extensively in providing services to Australia's veteran and defence force communities. The audit reviewed DVA's management of its IT outsourcing contract. The audit considered DVA's planning to meet its strategic IT needs through the IT outsourcing contract, the provisions of the contract, contract administration, management of the impacts of the outsourced services on DVA's business and the outcomes of DVA's approach to the contract.

Recordkeeping
No. 45, Tabled 01/05/2002

Brochure

Report

 

Recordkeeping is an essential enabler in any organisation’s corporate governance and critical to accountability. Just as for other governance elements such as financial management or audit, it needs to be strategically and professionally managed. The audit objective was to:

• assess whether organisations’ recordkeeping policies, systems and processes accord with requirements under the Archives Act 1983, with relevant government policies, and with accepted standards and recordkeeping principles; and

• identify better practices and recommend any improvements to organisations’ current arrangements.

Benchmarking Implementation and Production Costs of Financial Management Information Systems (FMISs)
No. 36, Tabled 13/03/2002

Brochure

Report

In view of the significant level of investment by Commonwealth agencies in the implementation and production of FMISs, the ANAO, in conjunction with Gartner, undertook a benchmarking study within the Commonwealth budget sector with the objective of determining and reporting on FMIS:

• implementation and production costs; and

• implementation timeframes.

Bermuda

Office of the Auditor General

Report

Summary

Special Report 2004

Includes report of Management Control Systems Audit carried out on the Bermuda Post Office. The overall conclusion is that full implementation of the Point of Sale computer system should be pursued as a matter of urgency, and that until full and effective implementation is achieved, physical and clerical control over the storage and issuance of stamps needs strengthening.

Government Computer Environment and Controls

March 2001 (.pdf, 302KB)

(Extracted from 2000-2001 Annual Report - .pdf, 7.8MB)

The Government of Bermuda relies heavily on its computers and computer systems. The central computer systems, in particular, are crucial to its ongoing ability to function administratively and to provide services to the citizens of Bermuda.

The audit examined the computer environment, the main applications systems and the general computer related controls of the Government’s central computer systems. It focused particularly on entity-wide security, access controls, systems development and change controls, system software controls, segregation of duties, and service continuity arrangements. The controls were reviewed for appropriateness of purpose and design though, in many cases, the work did not extend to testing fully the operation and effectiveness of the controls.

Information Technology and The Audit Process

This report highlights our experience with implementing and using information technology (IT) solutions in order to improve the quality of the audit process.

Canada

Office of the Auditor General of Canada

Report

Summary

Information Technology: Government On-Line
Chapter 1

February 2004
 

We examined GOL activities of the three main departments that deal most often with Canadian citizens and businesses—Human Resources Development Canada, the Canada Customs and Revenue Agency, and Industry Canada. Our audit indicated progress in implementing the GOL initiative across government and highlighted a number of issues and challenges that could help the government to set its GOL priorities for 2005 and beyond.

Information Technology Security
Chapter 1

February 2005

 

We found that the revised Government Security Policy, which came into effect in February 2002, was an important step in strengthening security across government. However, the IT security standards to support its implementation in departments and agencies were either non-existent or out of date. Little information on the state of IT security across the government was available because few departments had audited their security programs or monitored their IT security. We also identified other issues that the government needed to address to improve IT security.

Large Information Technology Projects
Chapter 3

November 2006
 

The federal government still has serious difficulties managing large information technology (IT) projects, despite the existence of a framework of best practices that dates back to 1998.
The audit found that only two of the seven large IT projects examined—My Account, My Business Account (Canada Revenue Agency), and 2006 Census Online (Statistics Canada)—met all the criteria for well-managed projects.

Five of the projects were allowed to proceed with a business case that was incomplete or out-of-date or contained information that could not be supported. The majority of projects examined were undertaken even though departments lacked the appropriate skills and experience to manage the projects or the capacity to use the system to improve the way they deliver their programs.
 

Managing the Quality of Financial Information

April 2003 (.pdf, 409KB)

The objective of the audit was to determine whether the government has put in place appropriate systems, policies, and practices to manage the quality of financial information for managers. This consisted of the following two parts:

  • determining whether departments have put in place financial systems, policies, and practices to provide managers with appropriate and reliable financial information; and

  • determining whether central agencies have put in place systems, policies, and practices to provide guidance to departments and to manage the overall quality of government financial information.

Information Technology Security

 

Audit revealed that the IT security standards that support the Government Security Policy were out-of-date and a plan to update them had yet to be completed. The security policy would not be fully effective without updated standards, setting out the minimum requirements that departments and agencies must meet. The standards are an essential tool for supporting appropriate IT security practices across government.

Information Technology: Acquisition of Goods and Services

The Auditor General of Canada reported that the federal government is handling successfully the acquisition of two large information technology (IT) projects totalling $120 million. However, large projects still take too long to get under way. The Auditor General also points to potential savings in the acquisition of microcomputers and network equipment. More important, he warns that software products are an area of risk that requires action now.

Denmark

National Audit Office of Denmark

Report

Summary

   
3/05 The Danish Defence’s acquisition and use of the DeMars IT system

2005
 

The report deals with the Danish Defence’s acquisition and commissioning of the DeMars IT system. The purpose of the report was to examine and evaluate whether the Defence’s acquisition of DeMars has been satisfactory and whether the Danish Defence has started using DeMars.

DeMars is intended to ensure effective planning, implementation and follow-up on the Defence’s activities. DeMars is a shared administrative system which includes all institutions of the Ministry of Defence, except three institutions which are using Navision. The DeMars project was completed in 2004. In terms of accounting, the project was completed at year-end 2004.
In connection with the analysis, the NAOD involved the Ministry of Defence, Defence Command Denmark and the underlying authorities of the army, navy and air force.

In order to be able to fulfil the purpose of the examination, the NAOD considered the project accounts of DeMars and the commissioning of the system in several administrative areas. Finally, the examination deals with the data quality of DeMars, the training of its users and the preparation of management information on the basis of data in DeMars.
 

4/02 Effect of seven IT projects implemented in the state

2003
 

The report deals with the effect of state IT projects. The purpose of the report is to examine the preliminary studies serving as the basis for the development and implementation of the selected IT projects, including assessment of the establishment of objectives for the effects of the projects on institutional task management. The further purpose of the study is to assess the extent to which the selected projects fulfil the established objectives.

A central element in the NAOD examination is to extract good examples from the examined IT projects and establish general recommendations for carrying out state IT projects.

The report examines and assesses the extent and content of the analysis work carried out prior to the development of the IT projects. The study includes an assessment of whether, on the basis of the analysis, well-defined objectives for effectiveness have been established that can subsequently be tested, as well as whether the IT projects demonstrate the expected effects after being put into operation.

The report resulted in the establishment of eight recommendations for carrying out state IT projects. The recommendations are aimed at establishing objectives for the effects of the project in the preliminary study, the basis for decisions regarding initiation of project development and the concluding assessment.
 

Statsrevisorernes beretning nr. 9/99 om gennemførelse af statslige edb-projekter

("The Implementation of Public IT Projects")

The Public Account Committee’s report, No. 9/99, September 2000. ISSN 0108-3902, ISBN 87-7434-131-6

This report examines and assesses public IT projects in Denmark. It is based on questionnaires that were used to examine each participating organisation’s four most significant ongoing or completed IT projects during the period 1997-1999. The examination covered 20 departments and 58 agencies, and 124 IT projects amounting to a total value of about DKK 4.5 billion.

The study examined the problems of delivering IT projects within budget and deadline, and delivering the originally specified functional requirements. It also examined the extent to which other countries experienced problems with public IT projects by comparing the results with similar examinations carried out in Sweden, Norway and Great Britain.

On the basis of this examination, the National Audit Office of Denmark published 10 overall recommendations aimed at increasing competence and reducing the extent of future problems in public IT projects. The recommendations addressed IT project organisation, management, planning and implementation.

Use of IT-tools for statistic analysis and sampling
September 2001

 

This paper briefly outlines how the National Audit Office of Denmark has integrated the use of IT-tools in the audit products. The following subjects are considered in the paper: the IT products and their use (IDEA, NT auditor etc.), statistical sampling, analysis of accounting information, audit of general IT-controls, IT-tools for benchmarking, access to data, process audit and lessons learned.

Estonia

State Audit Office of Estonia

Report

Summary

The Tiger Leap program in Estonian schools of general education.

(.html - 2003)

The Tiger Leap program brought computers and Internet to the schools, but the implementation of the development plan of the Tiger Leap Plus program in 2001 to 2005 should create the preconditions for using ICT facilities as an integral part of the learning process in all Estonian schools. The SAO examined the implementation of measures envisaged in the Tiger Leap Plus development plan in 2001 and 2002, comparing data to the earlier periods where necessary.

Management of the development of information technology infrastructure of public libraries

(html - 2001)

Focuses on state activities in ensuring the wide availability of public information and services.

Finland

State Audit Office

Report

Summary

120/2006 Developing online services in public administration 2006
 

 

The audit surveyed the development of online services in public administration in light of key objectives. It looked at how the work of different authorities and bodies has been coordinated and how projects have been initiated in developing online services and to what extent and on what grounds the state has allocated funds to projects involving online services. In addition to surveying current problems, the audit sought to draw attention to possible development recommendations.

59/2003 Physical data security in the Ministry of Social Affairs and Health's administrative sector 2003

 

This report is a summary of audits concerning physical data security which were conducted in the Ministry of Social Affairs and Health's administrative sector. The audits indicated deficiencies in the management of data security, fire safety and the protection of facilities. Some agencies and facilities had protection classifications which were open to interpretation and unclear. Serious damage to property did not come to light in the audit. The administrative sector has not systematically reviewed data security observations and known data security threats, however. Written guidelines and different facilities' security classifications also needed to be developed and updated. The State Audit Office has emphasized the importance of systematic risk assessment and the effective flow of information in managing data security.

Hong Kong

Audit Commission

Report

Summary

Government's efforts to promote e-business in Hong Kong March 2001
 

 

Audit has recently conducted a review on the Government’s efforts to promote e-business in Hong Kong.

Management of information technology outsourcing and manpower resources October 2000
 

The mission of the Information Technology Services Department (ITSD) is to promote and enable the extensive adoption and use of IT in the Government; to enable individuals, businesses and the Government to interact easily and securely through the use of IT; and to promote the wider use of IT in the community.
Audit has recently conducted a review on the various methods adopted by the ITSD to secure IT services. The audit has also examined how the ITSD plans and controls its IT manpower resources in the light of the Government’s vigorous outsourcing strategy.

-

Land Registry: information technology projects, staff productivity & central registration of documents.

-

The Year 2000 problem.

-

The implementation of the Information Technology/Information System Strategy of the Hospital Authority.

-

The Government’s funding schemes for promoting technology development in industry.

-

The Government’s role in development of electronic data interchange for the business community.

India

Office of the Comptroller and Auditor General

Report

Summary

Implementation of ERP in Indian Oil Corporation

2005

 

The Company, which decided to implement an ERP solution, a state-of-the-art technology, as part of its IT re-engineering efforts and spent vast sums of money, failed to get the full benefits of the system. This was a result of deficiencies in planning, monitoring, training and communication of the Company’s vision to all levels of the organisation, which led to delays, reliance on outside experts and lacunae in integration and implementation of the project. The Company also failed to comprehensively assess the risks and frame an effective mitigation strategy for them. The system is working because of the expertise and involvement of individuals, but improvements were not ingrained into all the relevant processes of the organisation as a whole. In order to complete all aspects of the re-engineering effort and exploit the full potential of the technology, the Company needs to focus on areas such as training, monitoring the processes, and taking and analysing user feedback to plan and improve processes.

IT Audit Of Billing System In Maharashtra State Electricity Board

2003

 

The billing system has poor general information technology controls, especially regarding security features such as access controls, passwords, login attempts and security breach reports. Thus the system was vulnerable to unauthorised access and data manipulation. The business rules in many cases were found to be improperly incorporated into the system, along with insufficient application controls and validation checks, resulting in revenue loss to the Board. Use of the system as an input to the management information system was virtually absent and there was poor coordination between the department of information technology/management information system and the user department. There is an urgent need to incorporate security controls and proper application controls through validation checks in the software. The Board should formulate and document an information technology policy to delineate the responsibilities and interaction between the department of information technology and the user departments.

IT Audit Of Computerization Of Employment Exchanges In West Bengal

2005

 

The Directorate of Employment, West Bengal, through its network of Employment Exchanges, handles activities such as registration of job seekers, renewal of registration and submission of lists of eligible candidates to employers. Computerisation of 40 employment exchanges in the state was taken up along with network connectivity, and the work was entrusted to the ET & TDC on a turnkey basis. However, even after Rs 6.52 crore had been spent, the computerised systems installed in the employment exchanges have been lying inoperative for the last 30 to 46 months owing to a default timer-based lock implanted by the vendor, non-completion of database creation, and non-installation of software due to abandonment of work by the vendor, largely frustrating the basic objective of the scheme. The application software also lacked data processing and data manipulation controls. The absence of a data disaster recovery strategy led to substantial data loss.

IT Audit of the Integrated Bus Reservation System of Maharashtra State Road Transport Corporation.

2004

 

The online wide area networking system had poor networking, operating, application and database security features and was hence vulnerable to unauthorized access and data/source code modification. These deficiencies had security implications in the absence of audit trails and system logs. An unauthorised business rule having a bearing on the revenues of the Corporation was incorporated in the software. The database was not designed to capture critical data for the grant of various concessions, and validation checks were inadequate.

IT Audit of Computerization of Transport Department Delhi Government

2005

 

The Transport department had incurred an expenditure of Rs. 9.84 crore as of March 2003 on computerisation of its activities including registration of vehicles and allied services, calculation/collection of fees and road tax, issue of permits, etc. In the absence of a formal IT strategy and supporting policies and procedures, the applications lacked essential internal controls and validation checks. In the absence of an integrated database at Headquarters as well as in the 10 zonal offices, the very purpose of computerization, to provide an efficient and reliable OLTP or to provide one-point service to the applicant of any zone at any of the zonal offices without undue inconvenience or harassment, remained unachieved.

Information Technology Audit of eSeva - an e-Governance initiative by Government (.htm) 2003

Though the Government launched a unique and conceptually good project to put e-governance into action and provide a large number of services to citizens on a one-stop-shop basis, the project suffered from lack of transparency and from inefficient and ineffective implementation, largely due to unpreparedness of the participating departments and inadequate coordination. The network was exposed to serious risks relating to physical access controls and logical controls. The key data and huge volumes of cash pertaining to various departments had been left to the administration of a private operator without adequate internal controls. Data integrity, reliability, and safety across the project were also inadequate.

Indian Customs: Electronic Data Interchange System. Report No.10 of 2002 (Indirect Taxes - Customs)

 

Indian Customs Electronic Data Interchange System (ICES) envisages acceptance of Customs documents electronically and exchange of information electronically with other agencies involved in international trade. The audit revealed:

- that after nine years the project is far from complete - paragraph 2.5 (a)(i)

- poor planning, inadequate allocation of resources - paragraph 2.5 (a)(iii)

- no major gains in trade facilitation are visible - paragraph 2.5 (b)

- poor financial estimating - paragraph 2.6

- that optimum value for money was not realized - paragraph 2.7

- delay completing site preparation had knock-on effects - paragraph 2.8 (a)(i)

- poor workflow estimating - paragraph 2.9 (a)

- imprudent selection of VSAT technology - paragraph 2.9 (b)

- no open tendering for annual equipment maintenance - paragraph 2.9 (c)

- no information security policy - paragraph 2.10 (b) to 2.10 (c) (iv)

- failure to establish system controls - paragraph 2.10 (e) (ii)

- deficiencies in data entry - paragraph 2.11

Review on Computerisation in the Income Tax Department. Report No.12 of 2000 (Direct Taxes)

With a view to improving the efficiency and effectiveness of Direct Taxes administration and to creating a database on its various aspects, a Comprehensive Computerisation programme was approved by the Government in October 1993.

This review broadly covers two main aspects -- (i) procurement policy and (ii) the computerisation programme with reference to the objectives and its implementation.

Information Technology Audit: General Principles. (IT Audit Monograph Series # 1)    

 

Controls in a computer information system reflect the policies, procedures, practices and organisational structures designed to provide reasonable assurance that objectives will be achieved. The controls in a computer system ensure effectiveness and efficiency of operations, reliability of financial reporting and compliance with the rules and regulations...

Survey Questionnaire for IT Applications

Planning questionnaire to be completed prior to an IT Application audit.

Ireland

Office of the Comptroller and Auditor General

Report

Summary

VFM Report 51: Development of Human Resource Management System for the Health Service (PPARS)
December 2005
 

The report presents the findings of a value for money examination on the development of a human resource management system for the health service (PPARS). The examination looked at the outturn on the project in terms of cost, time and functionality. It also reviewed how the project was planned and governed, including the adequacy of the business appraisal, how change management was handled and the arrangements for the procurement and management of consultancy and technical support services, as well as the extent to which the expected benefits are being realised.

Israel

Office of the State Comptroller and Ombudsman

Report

Summary

Preservation of Electronic Records
Published - May 2004

The difficulty in managing and preserving electronic records produced by government authorities and in assuring access to them is a challenge that requires appropriate preparation and organization. The issues raised in this report indicate the need for inter-ministerial collaboration for the creation of the necessary infrastructure for the preservation of electronic records. It would be proper for the government to address this matter.

Using Information Technology to Provide Government Services to the Public
Published – April 2003

The Accountant-General’s Department in the Finance Ministry has taken many important steps to promote Online Government. Nevertheless, government offices still do not do enough to provide services through the government’s Online Payment Service. The Online Government Project must define its powers, work program and budgetary framework. In order to implement the project and assure its success, it is necessary to draw up an overall program encompassing all the relevant offices and services.

Japan

The Board of Audit of Japan

Report

Summary

Implementation of the training courses for citizens to acquire basic IT skills

2001

Report summary

[No English version of full report available]
 
The Board of Audit reviewed the programme to provide IT training courses for about 5.5 million people. It found problems with the coverage and effectiveness of courses offered.

Procurement contracts for the government's information systems and the framework for the promotion of the computerization of the administration

2002

Report summary

[No English version of full report available]
 
The Board looked at the way in which public bodies procure IT systems. It made recommendations to improve these mechanisms, in particular to centralise and share information.

ATM-LAN Exchanger Installation

An audit revealed a wasteful use (34% utilisation) of key items of data communications equipment within Local Area Networks operated by universities. Audit report from Fiscal Year 1996.

Leased Line Recovery System under-utilized

Nippon Telegraph and Telephone Corporation’s Leased Line Recovery Service under-utilised many transmission circuits, for which the installation costs totalled ¥192 million. Audit report from Fiscal Year 1993.

Package for telephone circuits under-utilized

Poor estimating combined with falling demand results in over-provision of telecommunications equipment. Audit report from Fiscal Year 1998.

 

Korea

The Board of Audit and Inspection of Korea

Report

Summary

[Reports are available from the Audit Reports index page - please be patient while the page loads and links activate]
 
E-government project

April 2006
 
The objective of this audit was to help the Korean government undertake the e-Government project more efficiently by identifying issues or problems encountered while implementing the projects and figuring out possible solutions to such issues or problems.

To this end, the BAI audited 11 central administrations including the Ministry of Government Administration and Home Affairs (MOGAHA), four local governments and two organizations established by the government including the National Computerization Agency (NCA).
 

Summary of the Audit Report : Broadband Network (.doc, 83KB) April 2003

Korea is trying to establish a nation-wide broadband information and communication network. To comprehensively review the developments and analyze the shortcomings of those efforts, the Board of Audit and Inspection conducted an audit of 14 government agencies including the Ministry of Information and Telecommunication and the Ministry of Government Administration and Home Affairs.

Summary of the Audit Report : E-government Project (.doc, 100KB) Jan 2003

With the aim of becoming a strong knowledge and information powerhouse, the Korean government invested a total of 7.7 trillion won on informatization to establish E-government from 1996 to 2002.

From June to September 2002, the Board of Audit and Inspection audited 47 agencies, including the Ministry of Information and Communication, on the implementation of e-government. To enhance the quality and reliability of the audit, 21 experts from government-run research centers and private companies participated in the audit process along with the officers of BAI.

Malta

Office of the Auditor General

Report

Summary

School Information System

2001 (.pdf, 4MB)

This performance audit was carried out to determine whether the policy of introducing IT systems in school management was successfully realised and whether funds invested in the project were spent wisely.

Among other things, the audit found that criteria for adjudicating the tender gave relatively little weight to technical and functional considerations; project planning was poor; ownership on the part of the Education Division was lacking; the project management structure was lacking in that specific positions and roles were not clearly defined; and project implementation was initially resisted by school heads and staff and was thus delayed.

Given this environment, the UK supplier failed to deliver a number of contracted deliverables. Only half of the modules of SIS were eventually delivered and these still carried severe defects.

Mauritius

Office of the Director of Audit

Report

Summary

Government Information Technology Projects And The Regulatory Framework

An audit of this project revealed that the:

  • Civil Service had no formal IT strategy;

  • Civil Service computerisation projects lacked monitoring and evaluation;

  • implementation of the National Information Technology Strategy Plan was behind schedule, especially the two National IT Applications and the ‘Quick Hits’.

Computerisation at the Ministry for Civil Service Affairs

An audit of this project revealed that:

  • project monitoring was not carried out properly. The composition and modus operandi of the Project Co-ordination Committee were not clearly defined;

  • the Functional Specification prepared by the contractor was deficient - there were no standards for preparing such documents at that time;

  • proper tendering procedures were not followed before entrusting the software development of Phase 1 of the project;

  • management control over the computerised system was weak and deficient. There were no established documentation, personnel and password policies. Physical and environmental access as well as logical access controls were unsatisfactory.

New Zealand

Office of the Comptroller and Auditor-General

Report

Summary

Progress with priorities for health information management and information technology

March 2006

 

In October 2001, a report to the Ministry of Health by the Working to Add Value through E-information (WAVE) Advisory Board, known as the WAVE Report, brought together the health sector's recommendations for making more effective use of health information. The WAVE Report envisaged rapid change in 3 to 5 years, which is a demanding timetable.
This report looks at the progress made by the Ministry of Health, District Health Boards, and the health sector. The sector's ability to access and exchange information quickly is increasingly important to the delivery of high quality health care, and Parliament's Health Committee has expressed concern about the extent of progress since the WAVE Report was published.
 
Case Study 2: The Auckland Libraries Smarter Systems Project

2004



 

The public libraries of the five local authorities currently operate automated library management systems that are due for replacement or major upgrade in the near future.
The five local authorities identified an opportunity to work together to evaluate the costs, benefits, and feasibility of jointly purchasing a replacement library management system and, if these are proven, to proceed to purchase, implement, and jointly operate the system.
 
Case Study 5: E-Local Government in the Auckland Region

2004

 

Eight Auckland local authorities first began evaluating the possible benefits of working together at the end of 1999. At its meeting of September 2000, the Auckland Chief Executives Forum directed staff to establish a working party to report on E-Local Government in the Auckland region. In October 2000, a proposal was put to the forum for a working party that would establish a vision for E-Local Government in the Auckland region, draw up strategies, and identify net benefits from co-operation.

Case Study 7: Information Technology Outsourcing - Opotiki District Council and Environment Bay of Plenty

2004

 

The agreement provided for IT servicing to the same standards as those adopted at Environment Bay of Plenty, help desk facilities to standard Environment Bay of Plenty response and escalation times, and Internet and e-mail support through a communications link to the Regional Council network.

Case Study 9: The Regional Council Information Technology Consortium

2004
 

The Regional Council Information Technology Consortium came about from an arrangement between Waikato and Horizons Regional Councils to exchange database modules. Horizons Regional Council briefed a group of regional councils on its information technology (IT) strategy, which led others to express interest in joining the Consortium. A number of factors led the other Regional Councils to join, including that:
• it enabled them to upgrade their IT infrastructure;
• they have common statutory responsibilities, information needs, and business processes; and
• at the time, there were few software products available to meet the needs of Regional Councils.
 

Governance and Oversight of Large Information Technology Projects


April 2000

This report is in three sections:

i. Governance and accountability: identifies the key players and roles in major IT projects, and discusses current practice and issues with these roles.

ii.