The Swedish National audit Office Theme – SAI and Government Oversight Promotion of IT IT support in the Judicial Chain Presentation at the 7th Performance Auditing of the use of IT Seminar in Vilnius, Lithuania in April, 2013 November 24, 2018
Summary Sweden has a decentralised management of administration and administrative development. The Judicial Chain consists of An integral part of a well-functioning and efficient criminal process is smooth exchange of both intra-agency and interagency information in the judicial chain. The Government has had an explicit objective over the past 15 years of ensuring fully computerised, structured interagency information exchange in the judicial chain. However, the project has suffered from inertia and few concrete results have been achieved. The Swedish National Audit Office (NAO) has examined how well agencies in the Judicial chain have handled known flaws in their IT support and whether the Government’s control mechanisms have provided the agencies with sufficient prerequisites to expand and improve IT support. November 24, 2018
Summary cont. Conclusion: There is a need for stronger IT governance from both Top Manager and the Cabinet to ensure that the right IT services and information exchange in the Judicial Chain will be conceived and implemented Conclusion: SAIs has an important role in promoting IT efficiency concerning very big public administration IT systems through auditing IT Governance on several interconnected levels. The SAIs can give necessary knowledge of both oversight and insight in interconnected problem sources on and between levels of IT governance resulting in improper IT performance on institutional level. Conclusion: There is a need for co-operation and knowledge sharing between SAIs in auditing very big public administration IT systems with several agencies involved. November 24, 2018
1 Background The purpose of the audit is to examine the measures that the Government and agencies have collectively taken to ensure that IT support contributes to efficient case flow in the judicial chain. The audit covers the National Police Board, Swedish Prosecution Authority, National Courts Administration and Prison and Probation Service. The Government argues that proper functioning of the judicial system and interagency cooperation requires efficient information exchange. The Government’s objective is fully computerised intra-agency and interagency case management in the judicial chain. Overall question: Have the Government and agencies created the prerequisites for developing efficient IT support in the judicial chain? November 24, 2018
2 Methods used Document gathering and analysis: IT governance documents on all levels from The Parliament and Cabinet to IT audit projects within the agencies. Questionnaires: 1) The agencies costs and prognosis for the IT development projects. 2) Questionnaire nr 2: Description of the agencies most important IT-projects (cost, time, etc.), 3) Internal Management and Control of the IT business Interviews within the agencies: Top Manager, Business Managers, IT Managers, CIO, IT projects managers, members of the Judicial Chain (RIF) Council, members of different Departments Special IT audit projects: the most important IT development project for the computerized information exchange in the judicial chain November 24, 2018
3 Audit findings Overall audit findings : The Government and agencies have not yet collectively created adequate conditions for developing efficient IT support in the judicial chain. The level of legislation and regulation: The register statutes of the agencies do not provide a sufficient basis for developing IT support in the judicial chain. The level of Cabinet: the Government does not have a long-term plan for the RIF effort after the first stage. The level of co-operation between the Cabinet and the agencies Top Managers: the RIF’s effort has achieved few concrete results so far and that planning for future stages remains unclear The level of collaboration between the agencies in Judicial chain: The agencies have not cooperated sufficiently in analyzing their IT support needs and associated risks. : November 24, 2018
The level of agency Top Manager: Total costs for the IT operations of the agencies are substantial and have been rising year by year. It is difficult to form an opinion about how realistic the IT budgets and long-term forecasts of the agencies actually are. The risk of flaws in internal management and control of IT operations is underestimated. Skills acquisition is a critical factor. The level of institution (business): Risk that essential conversion projects will be delayed. Inadequate planning and procedures for IT projects. November 24, 2018
4 Recommendations: To ensure the development of up-to-date, efficient IT support in the judicial chain, the Government should: draw up a long-term plan for the ongoing RIF effort once the first stage has been completed secure well-functioning information exchange in the main flow of the judicial chain before more agencies become active participants in the RIF effort explore the need to amend current register statutes (legislations) for future stages of the RIF effort The Government should regularly, and on a long-term basis, monitor the efforts and planning of the agencies to phase out and redesign old systems and IT support. November 24, 2018
Recommendations to the audited agencies The Government should demand greater interagency cooperation in the attempt to develop needs and risk analyses, as well as to acquire personnel with requisite skills Recommendations to the audited agencies Based on needs and identified flaws, the agencies should clarify and improve management and control of their IT operations by developing, and obtaining internal backing for, their needs analysis for IT support ensuring that there is a clear correlation between their IT strategy and the development of their core activities November 24, 2018
5 The role of SAIs SAIs has important roles in promoting IT efficiency concerning very big public administration IT systems through auditing IT Governance on five interconnected levels – national legislation, the Cabinet, the co-operation between the Cabinet and agency Top Manager, Top Manager, and on institutional level. All these levels need to work well together in order to give the best conditions for IT business involving computerized information exchange between agencies. The audit shows that there are high risks for flaws on each level and between levels. These flaws need to be identified or else there is a risk for a too limited problem handling. The SAIs can give Government (Parliament, the Cabinet, Court etc.) necessary knowledge of flaws etc. November 24, 2018
Many thanks you for your attention!! 6 General need for co-operation between SAI in auditing very big public administration IT systems A third conclusion is that, in our opinion, there is a need for co-operation and knowledge sharing between SAIs in auditing very big public administration IT systems with several agencies involved in order to better “assist” Government in managing IT better at the agencies. To create a base for such knowledge development and sharing – audit perspectives, questions, methods, recommendations etc. - could be a task for INTOSAI Working Group on IT Audit. Many thanks you for your attention!! November 24, 2018