Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ppt serbia-sigma-digital-audit-workshop-sa is-november-2019


Published on

PPT Serbia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019

Published in: Government & Nonprofit
  • Be the first to comment

  • Be the first to like this

Ppt serbia-sigma-digital-audit-workshop-sa is-november-2019

  1. 1. Republic of Serbia State Audit Institution November 2019 How We Grow IT Audit Serbian Experience Dragan Stojanović State Auditor for IT
  2. 2. Agenda • Background on SAI Serbia • Development of IT • What ‘IT’ will happen quite soon (AMS, IDEA4ALL) • IT Audit - Part of other types of Audit • IT Audit - First Stand-alone Report
  3. 3. Background on SAI Serbia • State Audit Institution is the highest authority for auditing of public funds in the Republic of Serbia. • It was founded in 2005, by virtue of the Law on the State Audit Institution. Election of Members of the Council in 2007 marks the beginning of the operations of the State Audit Institution. • Today, the Institution has about 320 employees in total. Of this number, five were members of the Council, about 285 were in auditing departments and about 30 in audit support units. • Organized into 6 sectors (4 for auditing, one for audit methodology and quality control and one for audit support – with 5 units (International Cooperation and PR, General and Legal Affairs, HR, Finance and Accounting and IT)
  4. 4. Our auditees • Ministries and other State Budget beneficiaries • Territorial autonomies and local self-governments • Organizations of mandatory social insurance • Public Enterprises • National Bank of Serbia Currently SAI covers more than 11 000 auditees 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Number of reports 1 10 47 143 66 134 174 184 218 222 242 Novi Sad Sektors No1-4 86 King Alexander Boul. Primary Computer Center Nis Kragujevac Internet Head-office 41 Makezijeva Street Secondary Computer Center
  5. 5. Development of IT 2010 •IT Unit established •Share disk space 2012 •DRIMS Share Point 2010 2014 •DRIMS Pilot Audit •BAM software 2015 • 2019 •
  6. 6. Primary Computer Center Internet users Outside Firewall Windows OS, Office 201x SQL Server Production SharePoint 2010 Server Development SharePoint 2010 Server Public FTP Server DMZ Virtualized Servers Multi-functionality Devices Users users usersusers Primary Doman Controller, DHCP, DNS Wireless AP Data Storage Data Storage Server Virtualized Servers FC/iSCSI Production Server for any Web services Mail ServerWEB Server Inside Firewall
  7. 7. DRIMS (not a dreams)
  8. 8. SFTP: 6% 32% 45% 78% 100% 2015 2016 2017 2018 2019
  9. 9.
  10. 10. What ‘IT’ will happen quite soon • Improve IS with new AMS based on SharePoint 2019 • IDEA4ALL
  11. 11. IT Audit - Part of other types of Audit • “FINANCIAL and COMPLIANCE AUDIT MANUAL”, the SAI Serbia guidelines for conducting audit, was approved by Council of SAI Serbia 2015 • section 6.6.1 defines “Understand the IT Control Environment” • section 7.5 defines “IT Considerations - IS Audit and Assurance Guideline 2204 Materiality” • section 8.7 defines “consideration of audit information technology” • section 11.7 defines “IT considerations” • Related to this sections, in Manual, as appendix, there are “IT complexity assessor” and “IT Internal control checklist”, two questionnaire tables which can helps auditors to assess auditee IT system and to decide whether the it audit will be carried out
  12. 12. Digital Audit Process Auditees Accounting Information System Auditees Financial Statement Data replication from auditees Auditor Trial Financial Statement = audit findings Treasury administration BUDGET EXECUTION = audit findings Audit Report IT Unit ofSAI ETL DRI Management System Analysis data for planningprocess, risk assessment, sampling, etc.
  13. 13. IT support in finance audit
  14. 14. IT support in finance audit
  15. 15. IT support in finance audit When it comes to support in the financial audit, we provide help to assess the risk Review of general ledger • Unbalanced amounts in journal and general ledger • Double entries into journal • Missing entries into journal • Journal entries during weekend • Journal entries on specific dates • Journal entries in specific time • Journal entries in specific period • Journal entries of large amounts • Journal entries of round amounts
  16. 16. IT support in finance audit Analytical records - Revenues • Account date and payment date aging • Debtors with balance higher than credit limit • Debtors with total balance higher than credit limit • Debtors with balance • Summing up debtors' transactions • Rounded numbers on specific dates • Searching for duplicates in fields
  17. 17. IT support in finance audit Analytical records - Expenditures • Duplicate accounts or payments • Accounts receivables with debts (advance payments) • Creditors with total amounts higher than the approved limit • Debtors with balance higher than the approved limit • Accounts without order number • Transactions with rounded amounts on specific date • Transactions recorded on specific date • Transactions recorded in specific time • Accounts payable entered during weekend • Accounts payable with round numbers • Searching for duplicates in fields
  18. 18. IT support in finance audit In Excel on the data we have obtained, we are processing it by creating a pivot table by obtaining the following checks: • Total expenditures and expenditures for direct and indirect budget users of the audit entity for each economic classification at the third level; • Total expenditures and expenditures by all economic classifications at the sixth level for each beneficiary of budget funds • Individual financial cards, as follows: - by economic classification on the second, third, fourth and sixth level, - by section and by budget positions
  19. 19. IT support in finance audit The slide gives an example of a financial card in the sixth level We are selecting items that have high value, which are unusual or crucial
  20. 20. IT support in finance audit Calculator for materiality
  21. 21. IT support in finance audit After determining the size of the sample, the redistribution of samples by groups of accounts is carried out within the defined area and by direct and indirect users of the budget funds of the audited entity.
  22. 22. IT support in compliance audit We're checking security polices, user access controls and risk management procedures in terms of Law on Information Security which became effective on 5th February 2016. This Law includes the following areas: • IT Management • Information Security • Development, Procurement and Outsourcing • Business Continuity Planning (BCP) / Disaster Recovery Planning (DRP) • IT operations
  23. 23. Key findings - organizations of mandatory social insurance (Pension fund, NHIF, National employment service)
  24. 24. Key findings – local authorities
  25. 25. Key findings – Organisational structure
  26. 26. Cooperation with other SAI • we participate in the work of the EUROSAI IT working group • we participate in the work of IT subgroup for ITSA / ITASA, in first half of 2019 we conducted ITSA with ECA • we organized two IT workshops in Belgrade, 2015 and 2017 • We worked together with our friends from Montenegro on their first stand-alone IT audit • Also, with our friends from Macedonia, we are working on the development of a new AMS, based on their experiences in this and with their help •
  27. 27. 2014 IT Pilot Audit • Pilot project had the three phases: 1. E-learning course – introduction with WGITA IT Handbook 2. Work on pre-study report and selecting the audit areas 3. Conduct IT audit in accordance with IT handbook So, we became pioneers in establishing of IT audit in SAI Serbia 
  28. 28. IT Audit - First Stand-alone Report 2019 The efficiency of the Information System for the Public X Register Domains with issues: • IT governance – Lack of Project Management • Application control – Integrity DB, poor app. functionality • Information Security – exaggerated security control
  29. 29. Welcome to Serbia! IDI Global Programme IT Audit- Audit Planning Meeting Warsaw 29