Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PPT TCA, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019

15 views

Published on

PPT TCA, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019

Published in: Government & Nonprofit
  • Be the first to comment

  • Be the first to like this

PPT TCA, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019

  1. 1. Mehmet TAŞ Principal Auditor IT Audit Group Turkish Court of Accounts - TCA mtas@sayistay.gov.tr
  2. 2.  Establishment of Computer-Assisted Audit Group (1997)  First IT audit (2002)  IT audit guideline (2007)  IT audit training activities (2007 - …)  Expert support in conducting technical tests (2007 - …)  Establishment of IT Audit Group (2015)  Audit of e-Government projects (2017) 1
  3. 3. Growing number of e-Government projects  Transformation of public services to e-Government services by use of ICT  Modernization and/or integration of e-Government services 2
  4. 4. Low success rate in e-Government projects  Decision making failures  Project requirements not described with sufficient clarity  Poor change management  Poor risk management  Information security requirements neglected  Roles and responsibilities not defined clearly  Lack of qualified staff  Communication failures with stakeholders & suppliers … 3
  5. 5. 2016-2019 National e-Government Strategy and Action Plan  Action 1.2.2: Ensuring efficiency of audit for e-government projects in public sector Responsible Entity: Turkish Court of Accounts  A model will be created for the audit of e-Government projects  A guideline will be prepared for the audit of e-Government projects  Audit of e-Government projects will be generalized in all public agencies and institutions 4
  6. 6.  Examination and evaluation of internal controls  Necessary for successful completion of e-Government projects  Within efficiency, effectiveness, confidentiality, integrity, availability, reliability and compliance criteria 5
  7. 7.  Completion  within defined scope  within given budget  at targeted time  Ensuring  user-satisfaction with appropriate quality  information security requirements  compliance with national policies, entity strategies and relevant legislation 6
  8. 8.  Efficiency  Effectiveness  Confidentiality  Integrity  Availability  Reliability  Compliance 7
  9. 9.  IT Governance/Management  Project Management  System Development and Acquisition  Outsourcing  Operation & Maintenance  Business Continuity & Disaster Recovery Planning  Information Security  Application Controls 8
  10. 10.  Determine the risks concerning the examined information systems  Identify the necessary control mechanisms that can minimize these risks  Check whether these IT controls are established, and if so, whether they are functioning effectively or not  Assess the weaknesses in IT controls  Report the obtained findings according to a certain procedure 9
  11. 11.  Determine the type and the phase of the project  Identify the audit areas to examine  Determine risks  Identify the necessary controls  Check whether these controls are established, and if so, whether they are functioning effectively or not  Detect and assess control weaknesses  Report material control weaknesses 10
  12. 12.  Preparation/start  Realization  Analysis  Design  Development  Testing  Integration/deployment  Service delivery/completion 11
  13. 13. 12 Preparation/Start Realization Service Delivery/Completion PROJECT PHASE AUDIT/CONTROLAREAS ITGovernance/ Mangement - Strategic Planning - Policies and Procedures - IT Organization, Roles and Responsibilities - Human Resources & Training - Requirement Analysis & Management - Compliance with Legislation - Risk Management - Asset Management - Information Security Management ProjectManagement - Integration Management - Scope Management - Time Management - Cost Management - Quality Management - Human Resource Management - Communications Management - Risk Management - Procurement Management - Stakeholder Management
  14. 14. 13 Preparation/Start Realization Service Delivery/Completion Operation& Maintenance - Service Level Management - Configuration Management - Incident & Problem Management - Change Management - Capacity Management PROJECT PHASE AUDIT/CONTROLAREAS System Development& Acquisition - Policies and Procedures - Analysis - Requirements Definition - Design & Code Development - Acquisition & Configuration - Test - Acceptance & Implementation - Data Transfer - Monitoring Outsourcing - Procurement/Selection of Supplier - Contract - Examination and Acceptance
  15. 15. 14 Preparation/Start Realization Service Delivery/Completion AUDIT/CONTROLAREAS Information Security - Analysis, Design and Realization of System Security Requirements - Analysis, Design and Realization of Application Access Rights and Controls - Analysis, Design and Realization of Database Access Rights and Controls - Physical and Environmental Security - Network Management and Security - Operation Systems Management and Security - Database Management and Security - Web & Mobile Application Security Application Controls - Input - Data Transfer - Process - Output PROJECT PHASE BusinessContinuity& DisasterRecovery Planning - Business Continuity Policy - Business Continuity Organization - Risk Assessment - Business Impact Analysis - Business Continuity & Disaster Recovery Planning - Testing - Back-up - Security - Outsourcing
  16. 16. Thank you for your attention… IT Audit Group Turkish Court of Accounts - TCA

×