EUROSAI IT Working Group - 14 October 2004 Swiss federal audit office - Michel Huissoud 1 Training in Portugal (2)


Slide 2
2 weeks before:
- Documentation to study will be provided (on CobiT, self-assessment, etc.)
Workshop:
- The instructor will provide more information, the structure of your business will be discussed and then forms will be filled in
- The instructor will consolidate the results and a discussion of the results will follow
- An action plan for the future will be prepared together and the exercise will then be evaluated
Post workshop:
- The results of the workshop are then presented to the top management of the SAI
We will focus on the following points:
- Get the right persons!
- Identify the processes!
- Ask the right questions!
- Get a good action plan!
- Use the EXCEL sheet correctly!

Slide 3: Checklist before you start…
- What is the business of the SAI? (read the last annual report)
- Organigram and list of the staff
- General budget and IT budget
- Report of the last peer review (if available)
- IT strategic plan (if available)
- Application portfolio and IT configuration plan
- List of the contracts with IT providers

Slide 4: Get the right person! Who do you need?
- The CIO?
- The person responsible for international affairs?
- The person responsible for help desk?
- The manager of the external IT providers?
- The cook of the SAI?
- The head of the IT audit?
- The President of the SAI?
- The CFO?
- The head of Human Resources?
- The person responsible for document management?
- The training manager?
- A trainee?
- A new auditor?
- An old auditor?
- An English interpreter?
- …?

Slide 5: Identify the processes by asking about the products
- What is published?
- What kind of documents are signed every day?
- What is presented to Parliament?
    - Annual report
    - Annual program
    - Reports
    - Decisions
    - Judgments
    - Contracts
    - Articles
    - …
- What is paid?
    - Salaries
    - Purchases
    - Fees

Slide 6: First exercise. Use the EXCEL sheet correctly!
- Open the file
- Write a new business process B12 “drink a coffee” in the BVC Form 1
- For participant 8, write the note 5 for every maturity level in the consolidation CobiT Form 2
- Have a look at the graphics
- Copy one graphic into a PowerPoint presentation
- Alright?

Slide 7: Second exercise (role-play in Portuland)
- Portuland: 650 users in 4 divisions
- IT department: 32 people
- The users of the SAI Portuland: John (senior auditor), Maria (chief librarian), Markus (audit director), Katrin (junior auditor)
- The IT people of the SAI Portuland: Peter (CIO), Daniel (developer), Kevin (help desk)
- And two moderators of Deutschugal!

Slide 8: Ask the right questions and be cool…
- The 7 participants of the role-play get their own profile, the results of the questionnaires and the description of the IT situation in Portuland. They “just” have to play their role.
- The two moderators get only the results of the questionnaire. They try to find a consensus about the results or to understand why the consensus is impossible. They identify the most important problems for the next step (action plan).
- The other participants get all the information and give feedback to the moderators at the end of the exercise.
- 10 minutes of preparation (look at your profile, at the results of the questionnaires, see consolidations 1 and 2, etc.)
- 2 x 10 minutes of “live” discussion (moderators I and II)

Slide 9: The psychological profile of each person
The 3 IT people:
- Peter: long-term CIO, professional, technocratic, proud of the IT of the SAI, talks a lot
- Daniel: developer, new, experience in a private company, critical
- Kevin: help desk, loves the users, emotional, no strategic vision
The 4 users:
- John: senior auditor, very good at IT, develops local applications alone
- Maria: chief librarian, wants more IT, would prefer a female CIO
- Markus: long-term director, always has problems with the IT, critical, doesn’t want to be in this workshop, aggressive
- Katrin: new auditor, good motivation and ideas but no power

Slide 10: Build your workshop on the strengths
The 3 IT people:
- Peter: long-term CIO, professional, technocratic, proud of the IT of the SAI, talks a lot
- Daniel: developer, new, experience in a private company, critical
- Kevin: help desk, loves the users, emotional, no strategic vision
The 4 users:
- John: senior auditor, very good at IT, develops local applications alone
- Maria: chief librarian, wants more IT, would prefer a female CIO
- Markus: long-term director, always has problems with the IT, critical, doesn’t want to be in this workshop, aggressive
- Katrin: new auditor, good motivation and ideas but no power

Slide 11: Not on the weaknesses: you are not doing an audit!…
The 3 IT people:
- Peter: long-term CIO, professional, technocratic, proud of the IT of the SAI, talks a lot
- Daniel: developer, new, experience in a private company, critical
- Kevin: help desk, loves the users, emotional, no strategic vision
The 4 users:
- John: senior auditor, very good at IT, develops local applications alone
- Maria: chief librarian, wants more IT, would prefer a female CIO
- Markus: long-term director, always has problems with the IT, critical, doesn’t want to be in this workshop, aggressive
- Katrin: new auditor, good motivation and ideas but no power

Slide 12: The true situation in the SAI of Portuland
- B1 Audit Risk Management: old but good application, not integrated with B2 or B3
- B2 Organize the missions: not the same process in the 4 divisions, very good IT solution in the division of John
- B3 Analyze the data: different in the 4 divisions, from “nothing” to very good warning systems and expert systems
- B4 Test the IT by the IT-Audit: very good but confidential, nobody knows exactly what the IT auditors are doing; not an integrated approach
- B5 Report the results to the auditee: Microsoft Office World with good templates and standardized reports; not integrated with B2, B6 and B9
- B6 Track the implementation of the recommendations: new and centralized IT solution (with automatic reminder function)
- B7 Manage the knowledge: an old project which will perhaps be completed next year
- B8 Manage finances and human resources: an ERP (Enterprise Resource Planning) solution, good but Markus has some confidential information about some big mistakes in the interface with the pension fund
- B9 Administer and archive the dossiers: there is a concept for record management but all the incoming documents are only available on paper
- B10 Publish the results of the audits: good website
- B11 Communicate: Microsoft Office Outlook with very good connections, Intranet portal for all users of the SAI

Slide 13: The true situation in the SAI of Portuland
- Define a Strategic IT Plan (PO1): there is no IT strategy, no strategic committee
- Manage the IT investment (PO5): there is enough money, each division gets a part of the global budget
- Assess risks (PO9): no risk analysis
- Manage projects (PO10): some good and some bad projects, it depends on the project manager
- Identify automated solutions (AI1): the IT department has no authority, is reactive and gives the users what they want
- Install and accredit systems (AI5): professional execution, the IT department works well and is reliable
- Ensure continuous service (DS4): very good concept; emergency power supply
- Ensure system security (DS5): no problems, just some viruses but not very damaging
- Identify and allocate costs (DS6): there is a good project to identify the costs of the communications
- Educate and train users (DS7): some users are very good at IT and frequently follow IT training courses
- Assist and advise customers (DS8): the help desk is very, very good and the users are very happy with Kevin’s team
- Manage problems and incidents (DS10): good description of the process and good reaction time of the IT department
- Assess internal control adequacy (M2): nothing is done, no internal controls, no peer review

Slide 14: The most important problems of the SAI of Portuland
- No strategies
- No standardization
- Integrity and accuracy of financial data
- No transparency about costs and benefits of the IT
- Bad knowledge management
- ???

Slide 15: What about the strengths of the SAI of Portuland?
- No major problems in day-to-day business
- Enough money
- Good specialists
- Good experience in some divisions
- Readiness to do a self-assessment!

Slide 16: Third exercise. Get a good action plan!
- 10 minutes to solve the problems of the SAI of Portuland!
- What are the typical measures for these kinds of problems?
- Who should have the responsibility for this action?

Slide 17: Some possible measures
- Introduce risk management in the SAI
- Appoint one user responsible for each business process and the corresponding application
- Initiate a process reengineering to standardize the business processes
- Create (or reactivate) an IT committee to determine the IT strategy, the IT standards and the IT architecture
- Link the help desk and the training of the users (learning organization)
- Carry out an IT audit of the payroll application
- Review some projects
- …

Slide 18: Some bad measures
- Give more money to IT
- Give the user more authority and resources to develop their own applications
- Scan all the documents
- Outsource the IT
- Change the CIO
- Install Team Mate
- …

Slide 19: Questions?

Slide 20: What we should do now
- Make a commitment to organize a self-assessment!
- Make a commitment to moderate a self-assessment!

Slide 21
- Bulgaria
- Cyprus: 2005
- Czech Rep.
- Denmark: Norway, 2003
- Estonia: too small
- Finland: Denmark, 2004
- France: Switzerland, 2004
- Germany
- Hungary: Switzerland, 2005
- Ireland: 2005
- Lithuania: The Netherlands, 2003
- The Netherlands: Switzerland, 2005

Slide 22
- Norway: Denmark, 2004
- Poland: 2005
- Portugal: Spain, 2004
- Romania: 2005
- Russian Fed.
- Slovakia
- Slovenia: Spain, 2005
- Spain: Slovenia, 2003
- Sweden: Norway, 2005
- Switzerland: 2005
- United Kingdom: KPMG, 2004, external