Information Technology Audits: Western Cape Widaad Solomons (Senior Manager – Information Systems Audit) 06 Sep 2013.

1 Information Technology Audits: Western Cape Widaad Solomons (Senior Manager – Information Systems Audit) 06 Sep 2013

2 Reputation promise/mission

The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.

3 Audit Objective Assess IT Controls International Standards on Auditing (ISA 315 & ISA 330) Support RA Regulations (PFMA, MFMA, Public Service Regulations)

4 Types of IT Audits

- General Controls Review
- Application Controls Review
- Data Analytics
- Network Security
- ERP Reviews
- Project Assurance (SDLC)
- IT Audit of Predetermined Objectives (AOPO)

5 2011-12: Municipalities Audited 2011-12

1. Beaufort West
2. Bergriver *
3. Bitou
4. Breede Valley
5. Cape Agulhas *
6. Cape Winelands District
7. Cederberg *
8. Central Karoo District
9. City of Cape Town
10. Drakenstein
11. Eden District
12. George
13. Hessequa
14. Kannaland *
15. Knysna
16. Laingsburg
17. Langeberg
18. Matzikama
19. Mossel Bay
20. Oudtshoorn *
21. Overberg District *
22. Overstrand
23. Prince Albert
24. Saldanha Bay
25. Stellenbosch
26. Swartland
27. Swellendam *
28. Theewaterskloof
29. West Coast District
30. Witzenberg *

* Not included in 2011-12 GR

6 2011-12: General Controls Review

Focus Areas:
- IT Governance
- Security Management
- User Access Control
- IT Service Continuity

TEST OF CONTROLS:
- Design
- Implementation
- Operating Effectiveness

7 2011-12: IT Governance (SLAs, monitoring, IT Gov Framework, IT Risk Mgmt)

Columns: Auditee, Province, Design, Implementation, Operating Effectiveness, No Findings

- Beaufort West Municipality, Western Cape: 1
- Bitou Municipality, Western Cape: 3
- Breede Valley Municipality, Western Cape: 3
- Cape Winelands District Municipality, Western Cape: 3
- Central Karoo District Municipality, Western Cape: 3
- City of Cape Town, Western Cape: 3
- Drakenstein Municipality, Western Cape: 3
- Eden District Municipality, Western Cape: 3
- George Municipality, Western Cape: 3
- Hessequa Municipality, Western Cape: 3
- Knysna Municipality, Western Cape: 3
- Laingsburg Municipality, Western Cape: 3
- Langeberg, Western Cape: 3
- Matzikama Local Municipality, Western Cape: 3
- Mossel Bay Municipality, Western Cape: 3
- Overstrand Municipality, Western Cape: 3
- Prince Albert Municipality, Western Cape: 3
- Saldanha Bay Municipality, Western Cape: 3
- Stellenbosch Municipality, Western Cape: 3
- Swartland Municipality, Western Cape: 3
- Theewaterskloof Municipality, Western Cape: 3
- West Coast District Municipality, Western Cape: 3

8 2011-12: Security Management (IT security policy, password settings)

Columns: Auditee, Province, Design, Implementation, Operating Effectiveness, No Findings

- Beaufort West Municipality, Western Cape: 3
- Bitou Municipality, Western Cape: 3
- Breede Valley Municipality, Western Cape: 3
- Cape Winelands District Municipality, Western Cape: 3
- Central Karoo District Municipality, Western Cape: 3
- City of Cape Town, Western Cape: 3
- Drakenstein Municipality, Western Cape: 3
- Eden District Municipality, Western Cape: 1
- George Municipality, Western Cape: 3
- Hessequa Municipality, Western Cape: 3
- Knysna Municipality, Western Cape: 1
- Laingsburg Municipality, Western Cape: 3
- Langeberg, Western Cape: 3
- Matzikama Local Municipality, Western Cape: 3
- Mossel Bay Municipality, Western Cape: 3
- Overstrand Municipality, Western Cape: 1
- Prince Albert Municipality, Western Cape: 3
- Saldanha Bay Municipality, Western Cape: 3
- Stellenbosch Municipality, Western Cape: 3
- Swartland Municipality, Western Cape: 3
- Theewaterskloof Municipality, Western Cape: 3
- West Coast District Municipality, Western Cape: 3

9 2011-12: User Access Control (Policy, access requests, monitoring)

Columns: Auditee, Province, Design, Implementation, Operating Effectiveness, No Findings

- Beaufort West Municipality, Western Cape: 3
- Bitou Municipality, Western Cape: 3
- Breede Valley Municipality, Western Cape: 3
- Cape Winelands District Municipality, Western Cape: 3
- Central Karoo District Municipality, Western Cape: 3
- City of Cape Town, Western Cape: 2
- Drakenstein Municipality, Western Cape: 3
- Eden District Municipality, Western Cape: 3
- George Municipality, Western Cape: 3
- Hessequa Municipality, Western Cape: 3
- Knysna Municipality, Western Cape: 3
- Laingsburg Municipality, Western Cape: 3
- Langeberg, Western Cape: 3
- Matzikama Local Municipality, Western Cape: 3
- Mossel Bay Municipality, Western Cape: 3
- Overstrand Municipality, Western Cape: 3
- Prince Albert Municipality, Western Cape: 3
- Saldanha Bay Municipality, Western Cape: 3
- Stellenbosch Municipality, Western Cape: 3
- Swartland Municipality, Western Cape: 3
- Theewaterskloof Municipality, Western Cape: 3
- West Coast District Municipality, Western Cape: 3

10 2011-12: IT Service Continuity (DRP, policy, backups, testing)

Columns: Auditee, Province, Design, Implementation, Operating Effectiveness, No Findings

- Beaufort West Municipality, Western Cape: 3
- Bitou Municipality, Western Cape: 3
- Breede Valley Municipality, Western Cape: 3
- Cape Winelands District Municipality, Western Cape: 3
- Central Karoo District Municipality, Western Cape: 3
- City of Cape Town, Western Cape: 2
- Drakenstein Municipality, Western Cape: 3
- Eden District Municipality, Western Cape: 3
- George Municipality, Western Cape: 3
- Hessequa Municipality, Western Cape: 3
- Knysna Municipality, Western Cape: 3
- Laingsburg Municipality, Western Cape: 3
- Langeberg, Western Cape: 3
- Matzikama Local Municipality, Western Cape: 3
- Mossel Bay Municipality, Western Cape: 1
- Overstrand Municipality, Western Cape: 3
- Prince Albert Municipality, Western Cape: 3
- Saldanha Bay Municipality, Western Cape: 3
- Stellenbosch Municipality, Western Cape: 3
- Swartland Municipality, Western Cape: 3
- Theewaterskloof Municipality, Western Cape: 3
- West Coast District Municipality, Western Cape: 3

11 Root Causes

People
- Existing IT personnel not sufficiently skilled and vacancies not filled.
- Overreliance on IT vendors / 3rd party service providers – no skills transfer.
- Municipalities receive minimal support from key role players regarding IT matters e.g. OTP, SALGA, Department of Local Gov
- Department of Local Government currently not focused on fulfilling mandate regarding support to local government

Accountability
- Lack of ownership of commitments as progress in addressing previous year's IT findings has been minimal.
- No consequences in place for not honouring commitments to resolve IT findings.

Sustainability
- IT is not viewed as a strategic priority, rather as an operational activity
- Inadequate discipline in terms of tracking the progress made in addressing IT audit findings by oversight committees, management and Internal Audit

12 Key Role Players

Dept Local Govt
- Liaise with National COGTA to provide legal framework for local government by launching the Municipal Structures Act and the Municipal Systems Act
- However the above is not fully effective and functional for IT at local government

PGITO/OTP
- Provide coherent strategic leadership and coordination in provincial policy formulation and review, planning and overseeing service delivery planning
- Ensure Integrated Development Plans (IDPs) are also harmonised with provincial growth and development strategies and reflect national priorities
- However the above is not fully effective and functional for IT at local government

District Municipalities
- Municipal executive and legislative authority over a large area
- Primary responsibility being district-wide planning and capacity-building.
- Within a district council individual local councils share their municipal authority with the district council under which they fall
- However the above is not fully effective and functional for IT at local government

13 Quick Wins

- IT Governance - All municipalities to ensure proper SLAs are entered into with IT service providers, including district municipalities, and that these are monitored. Alignment / adoption of IT Governance framework that was approved by DPSA
- Security Management - IT security policy to be developed and implemented by all municipalities, and an Information Security Officer can be shared by all municipalities within a district
- User access management - User access policies and procedures to be developed at all municipalities, with periodic review of user access.
- IT service continuity planning - Backup and retention procedures to be developed and implemented to ensure critical data backup occurs, data is taken off-site and its recoverability is tested

14 2012-13 Audit Scope 2012-13

1. Beaufort West
2. Bergriver
3. Bitou
4. Breede Valley
5. Cape Agulhas
6. Cape Winelands District
7. Cederberg
8. Central Karoo District
9. City of Cape Town
10. Drakenstein
11. Eden District
12. George
13. Hessequa
14. Kannaland
15. Knysna
16. Laingsburg
17. Langeberg
18. Matzikama
19. Mossel Bay
20. Oudtshoorn
21. Overberg District
22. Overstrand
23. Prince Albert
24. Saldanha Bay
25. Stellenbosch
26. Swartland
27. Swellendam
28. Theewaterskloof
29. West Coast District
30. Witzenberg

Full coverage (30 Municipalities): ISA Audit RA Checklist

15 2012-13 Audit Scope

All Municipalities
- GCR: IT Governance, Security Management, User Access Management, IT Service Continuity
- Data Analytics

Key Municipalities
- GCR: IT Governance, Security Management, User Access Control, IT Service Continuity
- Data Analytics
- Audit of Predetermined Objectives (AOPO)
- Network Security
- ERP Security (if applicable)

16 2012-13 Audit Approach

1. Follow up on 2011-12 findings
2. If progress, perform full audit
3. If no progress, NO EXECUTION
4. Reporting
