Presentation is loading. Please wait.

Presentation is loading. Please wait.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes."— Presentation transcript:

1 Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes Wayne Jones Executive Director IT Audit Australian National Audit Office Kristen Foster Senior Director IT Audit Australian National Audit Office

2 Objective of Presentation Discuss the approach that the ANAO has taken to strategically expand and enhance its IT Audit coverage in delivering Audit outcomes in response to the changing IT environment

3 Session Overview Part 1: Introduction Part 2: Enhancing IT Audit capability –Background –Implementation approach

4 Part 1: Introduction The role and function of the ANAO Structure of the IT Audit program Structure of the IT Audit team

5 Part 2: Enhancing IT Audit Capability Background Overview of the Implementation program –Outcomes and capability –Key initiatives –Expected benefits –Overview of key program deliverables Where are we at now?

6 Project Background May 2009: ANAO received additional funding for enhancing IT Audit capability in support of Audit outcomes Implementation for enhanced IT Audit capability is for 5 years

7 Implementation Program Enhanced IT Audit Support Outcome A: Optimise use of IT Audit specialist and support tools Capability 1 : Skills development Capability 2: Infrastructure and Tools Capability 3: Methodology Outcome B: Increased IT Audit involvement with Performance Audit products Capability 4: IT Audit integration with Performance Audit Product Delivery

8 Overview of Initiatives Capability 1 : Skills development Technical training – Performance Audit Support Technical training IT Audit staff Capability 2: Infrastructure and Tools Software and IT asset support Management of contracted IT specialists Capability 3: Methodology Integration of IT Audit methodology and Performance Audit methodology. Review IT Audit Methodology and update with Performance Audit product requirements Capability 4: IT Audit integration with Performance Audit Product Delivery IT Audit Resource and program planning Develop and refine IT Audit products and services Advice/ consultation for 2010-2011 Performance Audit Program Ongoing and increased performance Audit assistance Project management of IT technical audits

9 Expected Benefits More qualitative findings Better work papers and increased understanding of auditee business Investment in specialist analytical tools Inclusion of IT concepts and risks in overall Performance Audit program

10 Challenges Challenge 1: Methodology development Challenge 2: Development of Audit program Challenge 3: IT Audit Support – product development Challenge 4: Data analysis framework

11 Audit Approach– Before Government Compliance and Regulatory Framework (Protective Security Manual, Information Security Manual, Procurement Guidelines, Finance Minister’s Orders, Financial Management Act) Entity Governance and Accountability (Financial Management Policies – CEIs; Security Policies, Information Management Policies, IT Strategic Plan) Management Processes and Controls (IT and Corporate)(Accounting Registers, User Identity Management and Access Processes and Matrices) Network Processes and Configuration Controls Operating System Processes and Configuration Controls Application System Processes and Configuration Controls Data Management - Processes and Controls Nature, timing and extent of audit procedures

12 Audit Approach- After

13 Information Criteria Efficiency Effectiveness C.I.A. Compliance Reliability The Universe of IT Audit Domains IT Governance Continuity & User Support Operations &Network Support Systems Development Practices IT Security Management Information Systems and data

14 Program Development Challenge 2: –How to include IT concepts and Audit approaches to assist with performance auditing. –Impact of emerging technologies to program delivery –What are the benefits to Performance Audit in increasing –How do we measure the benefits and costs of IT?

15 IT Audit Products Recognition of importance of IT Better audit work-papers and findings Complex Data Analysis IT Technical Audits Specialist assistance

16 IT Audit Products TypeRationaleDescription IT specialist assistance Support performance Audit team with specialised IT staff. Diverse support requests Two types: ‘discrete’ assistance; and ‘integrated audits’. IT Audit support for discrete components only. May only require support to design Audit procedures, or to design and implement ‘simple’ audit workprograms. Generally audit procedures are designed to cover information criteria of C.I.A. IT technical audits Emerging industry/technological trends or Whole of government risks – ie. Disaster recovery, management of Human Resource Information Systems. Require significant IT technical expertise to assist with designing and implementing Audit procedures. 3 types: Implementation/upgrade of IT system, cross-agency audits (i.e. disaster recovery), project management of IT Security and Controls Better Practice Guides) Data analysisMethodology needed to support Tools Consistent across the audit service groups Two critical changes to analysis approach to emphasise the use of data as evidence and evaluation of evidence

17 Approach for Data Analysis 1. Understand the auditee’s business Identify sources of data and knowledge Determine data analysis goals Identify the best CAAT tool and approach 2. Data understanding Collect initial data/liaise with client Assist Audit team to identify sources of data and knowledge at the auditee Explore the data and data integrity 3. Data preparation Select/construct/format data (mainly for complex assessments) 4. Modelling and analysis Determine the appropriate analytical approach Generate test data and assess the ‘model’ Generate analytical tests 5. Evaluation What does the data telling us? Did we answer the right questions ? Do we have enough evidence? 6. Reporting Presentation of analysis/discussion of exceptions with Audit team and auditee

18 Status of Project –Methodology implemented –Planning for Audit program for 3 year period underway –Currently providing over 5000 hours support for Performance Audits – demand has doubled! –Year 2 – implementation of complex data analysis capability (tools and methodology)

19 Questions/Discussion

Download ppt "Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes."

Similar presentations

How to commence the IT Modernization Process?

How to commence the IT Modernization Process?
Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
1 Professionalising Programme & Project Management Developing programme & project management capacities for UNDP and national counterparts External Briefing.

1 Professionalising Programme & Project Management Developing programme & project management capacities for UNDP and national counterparts External Briefing.
Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.

Grow Your Business through Contact Centre Outsourcing Fanny Vaz Director, Personal Market Unit, CTM.
Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.

Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.
Role of actuarial function supporting the FLAOR leading to the ORSA Ian Morris June 2014.

Role of actuarial function supporting the FLAOR leading to the ORSA Ian Morris June 2014.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Security Controls – What Works

Security Controls – What Works
1 Procurement and Contract Management Program Overview Dave Collisson Deputy CPO Procurement Governance Office Office of the Comptroller General CPPC October.

1 Procurement and Contract Management Program Overview Dave Collisson Deputy CPO Procurement Governance Office Office of the Comptroller General CPPC October.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Program Management Overview (An Introduction)

Program Management Overview (An Introduction)
ISS IT Assessment Framework

ISS IT Assessment Framework
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Aust. AM Collaborative Group (AAMCOG) An introduction to ISO 55000 “What to do” guide 20th October 2014.

Aust. AM Collaborative Group (AAMCOG) An introduction to ISO “What to do” guide 20th October 2014.

Similar presentations

Ads by Google