In Search of a State IT Audit Paradigm
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

In Search of a State IT Audit Paradigm

on

  • 455 views

 

Statistics

Views

Total Views
455
Views on SlideShare
455
Embed Views
0

Actions

Likes
0
Downloads
9
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

In Search of a State IT Audit Paradigm Presentation Transcript

  • 1. In Search of a State IT Audit Paradigm SAI Poland 北京 April 2010
  • 2. Scope of Presentation
    • IT Audit by SAI – state IT audit
    • Performance measurement
    • Is the State a big company?
    • Frameworks and good practices
    • NIK’s approach
  • 3. Risks
    • Common:
      • auxilliary functions
      • management elements
    • Specific
      • real world activities
  • 4. The State
    • scale, society, security
    • audit types
    • IT problems:
      • 20% technical
      • 80% organizational
  • 5. i2010
    • i2010 benchmarking framework
    • ICT Sector (9), Broadband and Connectivity (13), ICT usage by Households and Individuals (33), ICT usage by Enterprises (12)
    • e-Public Services (3)
      • availability/interactivity of 20 basic services
      • % of individual users
      • % of enterprise users
  • 6. KPI Library
    • professionals that successfully want to implement Performance Management
    • Government – 40
      • central – 3
        • Per capita public green space
        • Per capita daily domestic waste generation
        • Per capita daily water consumption
    • IT (488) – majority under industrial frameworks
  • 7. CobiT
    • Control Objectives for Information and related Technology
    • Tailored to the assurance needs
    • BSC based business processes
    • IT goals
    • IT processes measured by
      • performance indicators
      • outcome measures
    • Metrics oriented
    • ‘ Antwerp Funneling’
  • 8. Problems
    • Business goals for public administration
    • How to funnel really critical processes?
    • Ex ante v. ex post?
    • Quality of measures and risks
  • 9. Val IT
    • help s to optimise the realisation of value from IT investments
    • value governance (6)
    • portfolio management (6)
    • investment management (10)
  • 10. ITIL
    • Information Technology Infrastructure Library
    • IT service management
    • measurement of all aspects
      • “ Why are we monitoring and measuring?”
      • “ When do we stop?”
      • “ Is anyone using the data?”
      • “ Every time you produce a report you should ask: Do we still need this? ”
    • 7-step measures recipe
  • 11. Prince2 and MSP
    • PR ojects IN C ontrolled E nvironments
    • M anaging S uccessful P rogrammes
    • improvement by cycle of practical implementations
    • elaborated benefits approach in MSP
  • 12. GAIT
    • Guide to the Assessment of IT General Controls Scope based on Risk
    • identify the key IT control objectives
    • next steps to The Public Company Accounting Oversight Board Standards
    • other tools, such as COBIT, to identify and then assess specific ITGC key controls
    • teams formed by IT and business experts
  • 13. Maturity Models
    • OGC’s Portfolio, Programme, and Project Management Maturity Model (P3M3)
    • CobiT’s by-pass approach
    • measures for benchmarking
    • review of key project organization problems
  • 14. Conclusions
    • NIK’s approach:
      • start with products/services value assessment
      • use in depth processes analysis in case of failures found (costs, functionality)
    • Both stages need measures/benchmarking
    • State audit needs state measures
    • Will IT state audit redirect from application/ security to IT projects/programmes/strategies?