P
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

P

on

  • 369 views

 

Statistics

Views

Total Views
369
Views on SlideShare
369
Embed Views
0

Actions

Likes
0
Downloads
3
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

P Presentation Transcript

  • 1. Auditing IT Governance In the State of Hawai‘i National State Auditors Association NSAA IT Conference Harrisburg, PA September 30, 2009 Sterling Yee Assistant Auditor Office of the Auditor
  • 2. Why IT Governance?
    • What is IT governance?
    • Two initial audits
      • Report No. 09-06, Audit of the State of Hawaii’s Information Technology, March 2009
      • Report No. 09-08, Management Audit of Information Technology Within the Office of Hawaiian Affairs, June 2009
  • 3. Guidance
    • ITIL
    • COBIT
    • Board Briefing on IT Governance, 2nd Edition, IT Governance Institute
  • 4.  
  • 5.  
  • 6. IT Governance
  • 7. IT Governance Audit
    • Executive branch
    • Focus on central IT function
    • 1995 through 2007 (includes transfer of central IT function)
    • Scope limited to IT governance
  • 8. Peer Comparison
    • Other states’ practices
    • Leadership group of 11 states
  • 9. Major Findings
    • Weak and ineffective IT management
    • No lead agency for IT
  • 10. Weak and Ineffective
    • CIO position not clearly defined
    • CIO position is part time
    • IT executive and technical committees poorly planned & managed
    • No statewide IT strategic plan
    • Highest technical risk not addressed
  • 11. No Lead Agency
    • Information & Communications Systems Division (ICSD) stopped functioning
    • Support & standards halted 20 years ago
    • ICSD primarily doing maintenance of legacy systems
    • Loss of confidence in ICSD’s capabilities
  • 12. Conclusions
    • If changes are not made, State will be required to outsource IT functions
    • Data center risk is one the State cannot afford to take
  • 13. Recommendations
    • Full time, qualified CIO
    • IT steering committee
    • CIO should report to governor and IT steering committee
  • 14. Office of Hawaiian Affairs
    • OHA, established in 1978 ConCon
    • Financial & management audits every 4 years
    • Management audit - IT governance
  • 15. Who is OHA?
    • Better the conditions of Hawaiians
    • Trustee for ceded lands & other income
    • Managed by board of 9 trustee
    • Trustees elected by state electorate
  • 16. Who is OHA? (continued)
    • 152 full time staff
    • Manage 1.2 million acres of land
    • Manage $400 million investment portfolio
  • 17. OHA Mission
    • Better conditions of Hawaiians
    • Formulate policies to support programs
    • Organize 400,000 Hawaiians throughout the U.S.
    • Provide effective communications
  • 18. OHA IT Systems
    • LAN, file sharing and Internet connection
    • SharePoint
    • Accounting
    • Investment management
    • Human Resources
    • Hawaiian Registry
    • Others
  • 19. OHA Audit Methodology
    • Based on COBIT and Board Briefing on IT Governance
    • Same methodology as the previous audit
  • 20. Contrasts Between Audits
    • Totally different environment
    • Totally different results
      • Management supports use of IT throughout
      • Many improvements made to systems
      • IT has been as tactical rather than strategic
      • Many large IT demands loom over the horizon
  • 21. Major Findings
    • OHA doesn’t recognize the critical & strategic importance of electronic information
    • Current systems are dispersed without oversight & coordination
  • 22. Recommendations
    • Create a CIO position to provide direction over IT
    • Form an IT steering committee to support the CIO
  • 23. Lessons Learned From A Nascent IT Audit Program
    • IT governance audit provides an excellent, high level view of IT
    • IT governance audit provides a road map for future IT audits
    • IT governance audit can provide meaningful and relevant findings and recommendations
  • 24. Questions? Audit reports are available at: http://hawaii.gov/auditor Sterling Yee [email_address]