IT-audit
Forum
1
Overall picture of
the EUROSAI
IT Working Group
and its functions
IT = Information Technology
IT-audit
Forum
2
•
•
•
•
Overall Picture of Eurosai ITWG - Agenda
•
•
Brief introduction of the presenter
INTOSAI, EUROSAI, EURORAI
EUROSAI Organisation
Working Areas
IT-Working Group
•
•
•
•
•
•
History
Organisation
Functions
Projects
ITSA Lessons Learned
Further Activities
INTOSAI Working Group on IT Audit
IT-audit
Forum
3
Supreme Audit Institutions (SAIs)
SFAO Organisational Chart
IT-audit
Forum
Matrix
4
Management
Specialist
sector
Fin. supervision, audit 1
Fin. supervision, audit
2
Fin. supervision, audit
3
Total number of Staff 90
Staff
Mandate sector
DFA/F
OR/DD
PS
EDP/Int
Organis.
Decision
DETEC
SSA/DEA
FCh/PS/
FDF
60 Auditors
(9 IT Auditors!)
IT audits
Building and
procurement
Economic
evaluations
Support
International
Execution
Social
Ins./
FDJP
IT-audit
Forum
SFAO – IT Audits
5
Massimo Magnini, CISA, CIA, CISM*
Swiss Federal Audit Office (SFAO)
Competence Centre IT Audits
Monbijoustrasse 45
CH - 3003 Bern
Tel. +41 031 323 10 82
Fax +41 031 323 11 01
E-Mail: massimo.magnini@efk.admin.ch
Web: www.efk.admin.ch
* CISA = Certified Information Systems Auditor (ww.isaca.org)
CISM = Certified Information Security Manager
CIA = Certified Internal Auditor (www.theiia.org The Institute of Internal Auditors
IT-audit
Forum
6
INTOSAI, EUROSAI, EURORAI
IT-audit
Forum
7
EUROSAI was established in 1990.
The objectives of the Organisation are:
• to promote professional co-operation among SAI
members,
• to encourage the exchange of information and
documentation,
• to advance the study of public sector audit,
• to stimulate the creating of University Professorships in
this subject,
• to work towards the harmonisation of terminology in the
field of public audit.
IT-audit
Forum
8
EUROSAI Organisation
IT-audit
Forum
EUROSAI ITWG - History
9
The EUROSAI IT Working Group was created in 2002, during the
V EUROSAI Congress:
Oct. 2002:
1st
Meeting
The Hague
March 2004:
2nd
Meeting
Bern
Sept. 2006:
4th
Meeting
Bratislava
Feb. 2008:
5th
Meeting
Ljubljana
Feb. 2005:
3rd
Meeting
Nicosia
June 2009:
6th
Meeting
Bern
At its Congress held in Kraków in June 2008, the EUROSAI approved
the handover of the chair of the EUROSAI IT Working Group from
the Netherlands to Switzerland. As of 1. June 2008 Switzerland is
responsible for the EUROSAI ITWG website and activities.
IT-audit
Forum
Eurosai ITWG - Work Areas
10
The EUROSAI IT Working Group will deploy activities on four strategic
IT-related areas:
1. the development of IT-driven international agreements and
regulations, for instance privacy rulings, and how to audit these;
2. the emergence of E-Governance, E-Procurement and electronic
service delivery and how to audit these;
3. the investment of governments in hardware, software and
"humanware" for the running of their offices and for the
implementation of programmes, for instance E-Procurement, and how
to audit this.
4. Developing the capacity of SAIs to meet their strategic goals by:
- utilising IT to support their own internal management;
- exploiting IT to enhance the efficiency and effectiveness of
their audits;
- acquiring the skills necessary to audit in an IT-environment.
IT-audit
Forum
Eurosai ITWG “Outputs” in 5 areas
11
2
IT Selfassessment
3
E-Government
1
Electronic
Records
Management
4
Inventory
IT Training
Courses
5
Website
IT-audit
Forum
Electronic Records Management
12
IT Selfassessment
1
Electronic
Records
Management
E-Government
Inventory
IT Training
Courses
Website
IT-audit
Forum
Electronic Records Management
13
Document “Audit Briefing”
• Aimed at IT
Auditors
• What and how
to audit
• Audit Checklist
IT-audit
Forum
IT Self-assessment (ITSA)
14
2
IT Selfassessment
E-Government
Electronic
Records
Management
Inventory
IT Training
Courses
Website
IT-audit
Forum
15
Lead:
Switzerland
Members:
Belgium
Bulgaria
European Court of
Auditors
Germany
Lithuania
Netherlands
Norway
Spain
Project Team:
ITSA
IT Self-assessment
(Rollout)
IT-audit
Forum
IT Self-assessment (ITSA)
16
•
Small mixed team
• Business professionals and IT
professionals
• Managers and non-managers
•
•
•
•
Moderated
Result: Action Plan
Roll-out into EUROSAI
membership
Regular revision
IT-audit
Forum
17
Lead:
Switzerland
Members:
European Court of
Auditors
Finland
Germany
Hungary
Latvia
Lithuania
Malta
Netherlands
Norway
Ukraine
Project Team:
ITASA
IT Audit Selfassessment
Questionnaire
« IT Audit »
IT-audit
Forum
E-Government
18
IT Selfassessment
3
E-Government
Electronic
Records
Management
Inventory
IT Training
Courses
Website
IT-audit
Forum
19
Project Team:
E-Government
Lead: Portugal
Members:
Germany
Lithuania
Netherlands
Poland
Russia
UK
Switzerland
IT-audit
Forum
E-Government
20
Executive Summary ‘E-Government
in an Audit Perspective’
• Aimed at board and senior
management
• Cooperation with INTOSAI
IT Committee
• Executive Summary
submitted as EUROSAI
document
• Full report also available
IT-audit
Forum
21
www.egov.nik.gov.pl
IT-audit
Forum
Inventory IT Training Courses
22
IT Selfassessment
E-Government
Electronic
Records
Management
4
Inventory of
IT Training
Courses
Website
IT-audit
Forum
Inventory of IT Training Courses
23
• SAIs and IDI have
courseware
available
• Limited number
commercial
off the shelf courses
• Accounting firms
prepared to develop
tailor-made courses
IT-audit
Forum
24
…… Training News …..
IT-audit
Forum
Eurosai ITWG Website
25
IT Selfassessment
E-Government
Electronic
Records
Management
Inventory
IT Training
Courses
5
Website
IT-audit
Forum
26
Welcome to the site ……!!
IT-audit
Forum
27
Lead:
Netherlands
Members:
Austria
Bulgaria
Finland
Germany
Lithuania
Russia
Slovenia
Switzerland
Project Team:
Relevance of
IT in Public
Revenue Fraud
Sounding Board
IT-audit
Forum
28
EUROSAI ITWG – Further Activities
IT-audit
Forum
29
INTOSAI Working Group on IT Audit
IT-audit
Forum
30
Act
Local,
Think
Global
Thank
you!