Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Slides:

Advertisements

Similar presentations

How to commence the IT Modernization Process?

Advertisements

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Course: e-Governance Project Lifecycle Day 1

1 Professionalising Programme & Project Management Developing programme & project management capacities for UNDP and national counterparts External Briefing.

Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.

Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.

Role of actuarial function supporting the FLAOR leading to the ORSA Ian Morris June 2014.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

Security Controls – What Works

1 Procurement and Contract Management Program Overview Dave Collisson Deputy CPO Procurement Governance Office Office of the Comptroller General CPPC October.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

Program Management Overview (An Introduction)

ISS IT Assessment Framework

Viewpoint Consulting – Committed to your success.

Managing the Information Technology Resource Jerry N. Luftman

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Aust. AM Collaborative Group (AAMCOG) An introduction to ISO “What to do” guide 20th October 2014.

Quality evaluation and improvement for Internal Audit

The Information Systems Audit Process

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.

Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.

Lecture 8 Understanding entity and its environment

PROCUREMENT IN WORLD BANK INVESTMENT OPERATIONS: STATUS OF THE REFORM March, 2014 Operations Policy and Country Services.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

AFROSAI-E COOPERATION WITH WGITA African Organisation of English-speaking Supreme Audit Institutions.

Welcome ISO9001:2000 Foundation Workshop.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.

Adapting to Consumer Directed Care funding Developing an approach for Unit Based Costing.

Release & Deployment ITIL Version 3

Information Technology Audit

Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Module 2.1 Finance and Administration Cabinet Organizational Changes and Agency Impact March

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Corporate Support Richard Brown, Business Director.

Transport Development and Solutions Alliance (TDSA) Technology Evolving Business Functions Scott Lawton – Chief Executive Officer 7 th of August 2015.

Certificate IV in Project Management Introduction to Project Management Course Number Qualification Code BSB41507.

Portfolio Committee Presentation Government printing Works Audit and Compliance 07 May 2013 Presented by: Chief Executive Officer.

Why we should manage projects professionally Better outcomes (benefit & risk) Better decision-making Better management of expectations More efficient.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Using the AASHTO Audit Guide for the Development of A/E Consultant Indirect Cost Rates Introduction Target Audience Course Structure Learning Outcomes.

David Edgerton FCPA Director Quality + Expertise + Flexibility + Innovation = Confidence & Real Value Asset Managers Network Strategic Asset.

IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

The OCIO/PSCD, in collaboration with the Advisory Board’s Long Range Planning Committee, developed this Strategic Plan to foster the leadership and.

Page 1 APAC ANNUAL TRAINING 2011 “Integration of specialist skills into AGSA regularity audits for greater oversight impact” 2- 3 Aug 2011 Presenter: Ms.

S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.

Proventures reconnect session on Project Portfolio Management (PPM)

Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.

Evaluate Phase Pertemuan Matakuliah: A0774/Information Technology Capital Budgeting Tahun: 2009.

Strategies for making evaluations more influential in supporting program management and informing decision-making Australasian Evaluation Society 2011.

Assessment Validation. MORE THAN YOU IMAGINE ASQA (Australian Skills Quality Authority) New National Regulator ASQA as of 1 July, 2011.

12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)

Building Capacity and Culture within a Research & Evaluation Team anzea July 2007 Research & Evaluation Team Research Division.

International Standards of Supreme Audit Institutions (ISSAIs) Jennifer Thomson Director OPSPF & Chief Financial Management Officer World Bank.

Integrated Management System and Certification

Information Technology (IT) Department

9/16/2018 The ACT Government’s commitment to Performance and Accountability – the role of Evaluation Presentation to the Canberra Evaluation Forum Thursday,

By Jeff Burklo, Director

2018/19 ANNUAL PERFORMANCE PLAN FOR MISA

Presentation to the INTOSAI Working Group on IT Audit Systems assurance and data analytics for continued audit quality and improved efficiency of audits.

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

Data Governance & Management Skills and Experience

Role of State Audit Bureau of Kuwait in promoting and audit of IT Security

KEY INITIATIVE Internal Control and Technical Accounting

CEng progression through the IOM3

Presentation transcript:

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes Wayne Jones Executive Director IT Audit Australian National Audit Office Kristen Foster Senior Director IT Audit Australian National Audit Office

Objective of Presentation Discuss the approach that the ANAO has taken to strategically expand and enhance its IT Audit coverage in delivering Audit outcomes in response to the changing IT environment

Session Overview Part 1: Introduction Part 2: Enhancing IT Audit capability –Background –Implementation approach

Part 1: Introduction The role and function of the ANAO Structure of the IT Audit program Structure of the IT Audit team

Part 2: Enhancing IT Audit Capability Background Overview of the Implementation program –Outcomes and capability –Key initiatives –Expected benefits –Overview of key program deliverables Where are we at now?

Project Background May 2009: ANAO received additional funding for enhancing IT Audit capability in support of Audit outcomes Implementation for enhanced IT Audit capability is for 5 years

Implementation Program Enhanced IT Audit Support Outcome A: Optimise use of IT Audit specialist and support tools Capability 1 : Skills development Capability 2: Infrastructure and Tools Capability 3: Methodology Outcome B: Increased IT Audit involvement with Performance Audit products Capability 4: IT Audit integration with Performance Audit Product Delivery

Overview of Initiatives Capability 1 : Skills development Technical training – Performance Audit Support Technical training IT Audit staff Capability 2: Infrastructure and Tools Software and IT asset support Management of contracted IT specialists Capability 3: Methodology Integration of IT Audit methodology and Performance Audit methodology. Review IT Audit Methodology and update with Performance Audit product requirements Capability 4: IT Audit integration with Performance Audit Product Delivery IT Audit Resource and program planning Develop and refine IT Audit products and services Advice/ consultation for Performance Audit Program Ongoing and increased performance Audit assistance Project management of IT technical audits

Expected Benefits More qualitative findings Better work papers and increased understanding of auditee business Investment in specialist analytical tools Inclusion of IT concepts and risks in overall Performance Audit program

Challenges Challenge 1: Methodology development Challenge 2: Development of Audit program Challenge 3: IT Audit Support – product development Challenge 4: Data analysis framework

Audit Approach– Before Government Compliance and Regulatory Framework (Protective Security Manual, Information Security Manual, Procurement Guidelines, Finance Minister’s Orders, Financial Management Act) Entity Governance and Accountability (Financial Management Policies – CEIs; Security Policies, Information Management Policies, IT Strategic Plan) Management Processes and Controls (IT and Corporate)(Accounting Registers, User Identity Management and Access Processes and Matrices) Network Processes and Configuration Controls Operating System Processes and Configuration Controls Application System Processes and Configuration Controls Data Management - Processes and Controls Nature, timing and extent of audit procedures

Audit Approach- After

Information Criteria Efficiency Effectiveness C.I.A. Compliance Reliability The Universe of IT Audit Domains IT Governance Continuity & User Support Operations &Network Support Systems Development Practices IT Security Management Information Systems and data

Program Development Challenge 2: –How to include IT concepts and Audit approaches to assist with performance auditing. –Impact of emerging technologies to program delivery –What are the benefits to Performance Audit in increasing –How do we measure the benefits and costs of IT?

IT Audit Products Recognition of importance of IT Better audit work-papers and findings Complex Data Analysis IT Technical Audits Specialist assistance

IT Audit Products TypeRationaleDescription IT specialist assistance Support performance Audit team with specialised IT staff. Diverse support requests Two types: ‘discrete’ assistance; and ‘integrated audits’. IT Audit support for discrete components only. May only require support to design Audit procedures, or to design and implement ‘simple’ audit workprograms. Generally audit procedures are designed to cover information criteria of C.I.A. IT technical audits Emerging industry/technological trends or Whole of government risks – ie. Disaster recovery, management of Human Resource Information Systems. Require significant IT technical expertise to assist with designing and implementing Audit procedures. 3 types: Implementation/upgrade of IT system, cross-agency audits (i.e. disaster recovery), project management of IT Security and Controls Better Practice Guides) Data analysisMethodology needed to support Tools Consistent across the audit service groups Two critical changes to analysis approach to emphasise the use of data as evidence and evaluation of evidence

Approach for Data Analysis 1. Understand the auditee’s business Identify sources of data and knowledge Determine data analysis goals Identify the best CAAT tool and approach 2. Data understanding Collect initial data/liaise with client Assist Audit team to identify sources of data and knowledge at the auditee Explore the data and data integrity 3. Data preparation Select/construct/format data (mainly for complex assessments) 4. Modelling and analysis Determine the appropriate analytical approach Generate test data and assess the ‘model’ Generate analytical tests 5. Evaluation What does the data telling us? Did we answer the right questions ? Do we have enough evidence? 6. Reporting Presentation of analysis/discussion of exceptions with Audit team and auditee

Status of Project –Methodology implemented –Planning for Audit program for 3 year period underway –Currently providing over 5000 hours support for Performance Audits – demand has doubled! –Year 2 – implementation of complex data analysis capability (tools and methodology)

Questions/Discussion