• Like
  • Save
Upcoming SlideShare
Loading in...5







Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    P P Presentation Transcript

    • Auditing IT Governance In the State of Hawai‘i National State Auditors Association NSAA IT Conference Harrisburg, PA September 30, 2009 Sterling Yee Assistant Auditor Office of the Auditor
    • Why IT Governance?
      • What is IT governance?
      • Two initial audits
        • Report No. 09-06, Audit of the State of Hawaii’s Information Technology, March 2009
        • Report No. 09-08, Management Audit of Information Technology Within the Office of Hawaiian Affairs, June 2009
    • Guidance
      • ITIL
      • COBIT
      • Board Briefing on IT Governance, 2nd Edition, IT Governance Institute
    • IT Governance
    • IT Governance Audit
      • Executive branch
      • Focus on central IT function
      • 1995 through 2007 (includes transfer of central IT function)
      • Scope limited to IT governance
    • Peer Comparison
      • Other states’ practices
      • Leadership group of 11 states
    • Major Findings
      • Weak and ineffective IT management
      • No lead agency for IT
    • Weak and Ineffective
      • CIO position not clearly defined
      • CIO position is part time
      • IT executive and technical committees poorly planned & managed
      • No statewide IT strategic plan
      • Highest technical risk not addressed
    • No Lead Agency
      • Information & Communications Systems Division (ICSD) stopped functioning
      • Support & standards halted 20 years ago
      • ICSD primarily doing maintenance of legacy systems
      • Loss of confidence in ICSD’s capabilities
    • Conclusions
      • If changes are not made, State will be required to outsource IT functions
      • Data center risk is one the State cannot afford to take
    • Recommendations
      • Full time, qualified CIO
      • IT steering committee
      • CIO should report to governor and IT steering committee
    • Office of Hawaiian Affairs
      • OHA, established in 1978 ConCon
      • Financial & management audits every 4 years
      • Management audit - IT governance
    • Who is OHA?
      • Better the conditions of Hawaiians
      • Trustee for ceded lands & other income
      • Managed by board of 9 trustee
      • Trustees elected by state electorate
    • Who is OHA? (continued)
      • 152 full time staff
      • Manage 1.2 million acres of land
      • Manage $400 million investment portfolio
    • OHA Mission
      • Better conditions of Hawaiians
      • Formulate policies to support programs
      • Organize 400,000 Hawaiians throughout the U.S.
      • Provide effective communications
    • OHA IT Systems
      • LAN, file sharing and Internet connection
      • SharePoint
      • Accounting
      • Investment management
      • Human Resources
      • Hawaiian Registry
      • Others
    • OHA Audit Methodology
      • Based on COBIT and Board Briefing on IT Governance
      • Same methodology as the previous audit
    • Contrasts Between Audits
      • Totally different environment
      • Totally different results
        • Management supports use of IT throughout
        • Many improvements made to systems
        • IT has been as tactical rather than strategic
        • Many large IT demands loom over the horizon
    • Major Findings
      • OHA doesn’t recognize the critical & strategic importance of electronic information
      • Current systems are dispersed without oversight & coordination
    • Recommendations
      • Create a CIO position to provide direction over IT
      • Form an IT steering committee to support the CIO
    • Lessons Learned From A Nascent IT Audit Program
      • IT governance audit provides an excellent, high level view of IT
      • IT governance audit provides a road map for future IT audits
      • IT governance audit can provide meaningful and relevant findings and recommendations
    • Questions? Audit reports are available at: http://hawaii.gov/auditor Sterling Yee [email_address]