IT Audit ISSAIs · government payroll, pensions and passages inventory management system of...
IT Audit ISSAIs & IDI’s Capacity Development Programme on IT Audit
XIII ASOSAI Assembly 12 February 2015, Kuala Lumpur
Md. Shofiqul Islam Programme Manager
Outline
Global Public Goods - IT Audit Handbook
IDI’s Capacity Development on IT Audit
ISSAIs on IT Audit
ISSAIs on IT Audit
• International Standards of Supreme Audit Institutions (ISSAIs)
• Level 4: Guideline on specific subjects
• Series 5300-5399 of ISSAI Framework is allocated for Information Technology Audit
• ISSAI-5310 - Information System Security Review Methodology.
• Due for review in 2013
• Working Group on IT Audit (WGITA) under the Knowledge Sharing Committee (KSC)
ISSAI on IT Audit - 5310
• Development of new ISSAI 5300
• ISSAI 5300 will be an overarching ISSAI on the fundamentals of IT Audit
• ISSAI 5300 would lay down the general principles, approach and methodology to conduct IT Audits
• Updating ISSAI 5310 on Information Systems’ Security Audit
Project Team
India-Project leader
Brazil
Indonesia
Japan
Norway
Poland
USA
ISSAI 5300
• Exposure draft of ISSAI 5300 will be prepared by June 2015
• Work on updating ISSAI 5310 will be taken up after finalizing ISSAI 5300.
• The project team will identify the subsequent ISSAIs that may be attempted to be developed in due course.
ISSAI 5300 Project Progress
Presentation Plan
Global Public Goods - IT Audit Handbook
IDI’s Capacity Development on IT Audit
ISSAIs on IT Audit
IDI-WGITA Cooperation in IT Audit
Areas of Cooperation
• Capacity Development
  • AFROSAI-E, Global
• Development of Global Public Goods
  • Guideline, Handbook
• Knowledge Sharing
Development Process (Jan-July 2013)
• Project team consisting of WGITA and IDI members
• Review of the guidelines framework and courseware developed for the pilot programme in AFROSAI-E
WGITA-IDI - IT Audit Handbook
WGITA-IDI IT Audit Handbook for SAIs
• Endorsed by XXI INCOSAI - 2013
• Launched at 23rd meeting of WGITA, February 2014
• http://www.intosaiitaudit.org/
WGITA-IDI - IT Audit Handbook
• Seven major IT audit issues - Definition and explanation
• Key Elements of these issues
• IT risks for the audited entity and audit questions
• Audit matrix – based on audit questions
Structure of the Handbook
• IT Governance and Policy
• Development and Acquisition
• IT Operations
• Outsourcing
• Business continuity plan and Disaster Recovery Plans
• Information security
• Application controls
Structure of the Handbook
Audit Matrix
Additional topics of interest:
• Mobile computing
• Computer forensics
• Websites
• E-governance
• E-commerce
Structure of the Handbook
Presentation Plan
Global Public Goods - IT Audit Handbook
IDI’s Capacity Development on IT Audit
ISSAIs on IT Audit
WGITA Contribution:
• Subject Matter Experts,
• Initial Reference Materials
IDI Contribution:
• Expertise in developing guidance and training materials,
• Programme Management
• Funding
Capacity Development on IT Audit
IDI-WGITA TRANS REGIONAL PROGRAMME ON IT AUDIT
PILOT PHASE AFROSAI-E Region:
2012-2013
Capacity Development on IT Audit
Results of Pilot Phase
AUTOMATED SYSTEM FOR CUSTOMS DATA (ASYCUDA++)
GOVERNMENT PAYROLL, PENSIONS AND PASSAGES
INVENTORY MANAGEMENT SYSTEM OF NATIONAL MEDICAL STORES
PUBLIC FINANCE MANAGEMENT SYSTEM: GENERAL AND APPLICATIONS CONTROLS
EDUCATION INFORMATION SYSTEM
IT AUDIT OF THE PASSPORT ISSUANCE SYSTEM
2012-2013
Based on the IT Audit Handbook
Global capacity development:
E-course and
Pilot IT Audits
Developed in English, launched in May 2014
Capacity Development on IT Audit
CURRENT IDI IT AUDIT PROGRAMME: 2014-2015
Audit of HRM IS
Railway Ticketing System
IT Audit of Telecom Department
IS Security audit of state owned enterprise
IT Audit of property registration system
Customs Department (ASYCUDA)
Pilot IT Audit Proposals
Govt. Fiscal Management Information System
IT Audit of Govt Payroll system
Vehicle Registration and Control System
Issues Raised:
• Data manipulation and fraud
• Risk and security
• IT operations without agreed Service Level Agreements
• IT Governance Issues
• Role of IT Audit
IT Audit Planning Meeting
• Currently the SAI audit teams are involved in audit field work
• Draft audit reports are expected by April 2015.
Audit Review Meetings
• scheduled for June and July 2015.
• Reports expected to be finalized by December 2015.
Audit Field Work
About 100 participants complete the programme
41 SAIs completing pilot IT Audits
Feedback on IT Audit Handbook
Updating the Handbook
Capacity Development on IT Audit
Expected Results of the Programme
• Diverse audit practices across INTOSAI community
• Different levels of IT maturity in the SAIs
• Data extraction and data analysis
Challenges
• ISSAI 5300
• Dissemination of IT Audit Handbook
• Translation into other INTOSAI languages
• E-courses in other languages
• Regular update to align with the ISSAIs on IT Audit
Way Forward