In Search of a State IT Audit Paradigm

  • 209 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
209
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
9
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. In Search of a State IT Audit Paradigm SAI Poland 北京 April 2010
  • 2. Scope of Presentation
    • IT Audit by SAI – state IT audit
    • Performance measurement
    • Is the State a big company?
    • Frameworks and good practices
    • NIK’s approach
  • 3. Risks
    • Common:
      • auxilliary functions
      • management elements
    • Specific
      • real world activities
  • 4. The State
    • scale, society, security
    • audit types
    • IT problems:
      • 20% technical
      • 80% organizational
  • 5. i2010
    • i2010 benchmarking framework
    • ICT Sector (9), Broadband and Connectivity (13), ICT usage by Households and Individuals (33), ICT usage by Enterprises (12)
    • e-Public Services (3)
      • availability/interactivity of 20 basic services
      • % of individual users
      • % of enterprise users
  • 6. KPI Library
    • professionals that successfully want to implement Performance Management
    • Government – 40
      • central – 3
        • Per capita public green space
        • Per capita daily domestic waste generation
        • Per capita daily water consumption
    • IT (488) – majority under industrial frameworks
  • 7. CobiT
    • Control Objectives for Information and related Technology
    • Tailored to the assurance needs
    • BSC based business processes
    • IT goals
    • IT processes measured by
      • performance indicators
      • outcome measures
    • Metrics oriented
    • ‘ Antwerp Funneling’
  • 8. Problems
    • Business goals for public administration
    • How to funnel really critical processes?
    • Ex ante v. ex post?
    • Quality of measures and risks
  • 9. Val IT
    • help s to optimise the realisation of value from IT investments
    • value governance (6)
    • portfolio management (6)
    • investment management (10)
  • 10. ITIL
    • Information Technology Infrastructure Library
    • IT service management
    • measurement of all aspects
      • “ Why are we monitoring and measuring?”
      • “ When do we stop?”
      • “ Is anyone using the data?”
      • “ Every time you produce a report you should ask: Do we still need this? ”
    • 7-step measures recipe
  • 11. Prince2 and MSP
    • PR ojects IN C ontrolled E nvironments
    • M anaging S uccessful P rogrammes
    • improvement by cycle of practical implementations
    • elaborated benefits approach in MSP
  • 12. GAIT
    • Guide to the Assessment of IT General Controls Scope based on Risk
    • identify the key IT control objectives
    • next steps to The Public Company Accounting Oversight Board Standards
    • other tools, such as COBIT, to identify and then assess specific ITGC key controls
    • teams formed by IT and business experts
  • 13. Maturity Models
    • OGC’s Portfolio, Programme, and Project Management Maturity Model (P3M3)
    • CobiT’s by-pass approach
    • measures for benchmarking
    • review of key project organization problems
  • 14. Conclusions
    • NIK’s approach:
      • start with products/services value assessment
      • use in depth processes analysis in case of failures found (costs, functionality)
    • Both stages need measures/benchmarking
    • State audit needs state measures
    • Will IT state audit redirect from application/ security to IT projects/programmes/strategies?