In Search of a State IT Audit Paradigm
Upcoming SlideShare
Loading in...5
×
 

In Search of a State IT Audit Paradigm

on

  • 421 views

 

Statistics

Views

Total Views
421
Views on SlideShare
421
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    In Search of a State IT Audit Paradigm In Search of a State IT Audit Paradigm Presentation Transcript

    • In Search of a State IT Audit Paradigm SAI Poland 北京 April 2010
    • Scope of Presentation
      • IT Audit by SAI – state IT audit
      • Performance measurement
      • Is the State a big company?
      • Frameworks and good practices
      • NIK’s approach
    • Risks
      • Common:
        • auxilliary functions
        • management elements
      • Specific
        • real world activities
    • The State
      • scale, society, security
      • audit types
      • IT problems:
        • 20% technical
        • 80% organizational
    • i2010
      • i2010 benchmarking framework
      • ICT Sector (9), Broadband and Connectivity (13), ICT usage by Households and Individuals (33), ICT usage by Enterprises (12)
      • e-Public Services (3)
        • availability/interactivity of 20 basic services
        • % of individual users
        • % of enterprise users
    • KPI Library
      • professionals that successfully want to implement Performance Management
      • Government – 40
        • central – 3
          • Per capita public green space
          • Per capita daily domestic waste generation
          • Per capita daily water consumption
      • IT (488) – majority under industrial frameworks
    • CobiT
      • Control Objectives for Information and related Technology
      • Tailored to the assurance needs
      • BSC based business processes
      • IT goals
      • IT processes measured by
        • performance indicators
        • outcome measures
      • Metrics oriented
      • ‘ Antwerp Funneling’
    • Problems
      • Business goals for public administration
      • How to funnel really critical processes?
      • Ex ante v. ex post?
      • Quality of measures and risks
    • Val IT
      • help s to optimise the realisation of value from IT investments
      • value governance (6)
      • portfolio management (6)
      • investment management (10)
    • ITIL
      • Information Technology Infrastructure Library
      • IT service management
      • measurement of all aspects
        • “ Why are we monitoring and measuring?”
        • “ When do we stop?”
        • “ Is anyone using the data?”
        • “ Every time you produce a report you should ask: Do we still need this? ”
      • 7-step measures recipe
    • Prince2 and MSP
      • PR ojects IN C ontrolled E nvironments
      • M anaging S uccessful P rogrammes
      • improvement by cycle of practical implementations
      • elaborated benefits approach in MSP
    • GAIT
      • Guide to the Assessment of IT General Controls Scope based on Risk
      • identify the key IT control objectives
      • next steps to The Public Company Accounting Oversight Board Standards
      • other tools, such as COBIT, to identify and then assess specific ITGC key controls
      • teams formed by IT and business experts
    • Maturity Models
      • OGC’s Portfolio, Programme, and Project Management Maturity Model (P3M3)
      • CobiT’s by-pass approach
      • measures for benchmarking
      • review of key project organization problems
    • Conclusions
      • NIK’s approach:
        • start with products/services value assessment
        • use in depth processes analysis in case of failures found (costs, functionality)
      • Both stages need measures/benchmarking
      • State audit needs state measures
      • Will IT state audit redirect from application/ security to IT projects/programmes/strategies?