Download presentation
Presentation is loading. Please wait.
Published byJoseph McNally Modified over 11 years ago
1
Office of the Auditor General – Zambia 7th Performance Auditing Seminar of INTOSAI Working Group on IT AuditRole of SAI's in Promoting Policy for IT Improvement & Value For Money 1
2
Presentation Overview Background and evolution of computing in Government Information Technology Auditing in OAG-Z Adoption of Generally Accepted IT Policies in other Government Agencies Recommendations issued by OAG and implemented by auditees OAG Recommendations that have improved the process of Acquisition of IT Services Challenges Conclusion April 2013 Specialised Audit Department2
3
Background Information Communication Technology (ICT) in Zambia started in the 1980s. Advancements in technology enhanced efficiency and effectiveness of business processes and service delivery. Government implemented some systems 07 February 2014Specialised Audit Department3
4
Background continued…… Systems implemented were; Payroll Management Establishment Control (PMEC) System Land Information Management System (LIMS) Revenue Systems (ITAS, ASYCUDA) Transport Information System – Zambia Transport Information Systems (ZAMTIS) Utilities System Banking Systems - (National Savings and Credit Bank), and more recently; Integrated Financial Management Information System (IFMIS) 07 February 2014Specialised Audit Department4
5
Background continued……. Initially, country had no appropriate policy to guide ICT in the country Government later enacted: Telecommunication Act of 1994 Formulated ICT policy (in April 2006) Information and Communications Technology Act of 2009 The Electronic, Communication and Transport Act of 2009 07 February 2014Specialised Audit Department5
6
IT Auditing in OAG-Z OAG-Z restructured in 2005 and established: MIS section IT Audit section The IT Audits Section is responsible for carrying out information technology audits. Produced seventeen (17) IT audits reports, out of which nine (9) have been tabled in Parliament. 07 February 2014Specialised Audit Department6
7
Adoption of Generally Accepted IT Policies in Government Agencies Adopted ISACA standards Integrated auditing approach As a result: The audit scope and recommendations have been enhanced. 07 February 2014Specialised Audit Department7
8
Participation at meetings of international and regional groupings Recommendations made resulted in clients making improvements to their systems or they have acquired and implemented new systems using these standards. Realization of value for money for the clients operations. 07 February 2014Specialised Audit Department8
9
What recommendations has the Office Issued on IT and seen Implemented IT Governance IT Security Audit Trail Change Management Business continuity and backup procedures 07 February 2014Specialised Audit Department9
10
IT Governance Implementation of ICT Policy and Strategic Plans. e.g. The Ministry of Finance and the National Savings and Credit Bank Adoption of internationally recognized standards e.g. ZESCO Limited, Zambia Revenue Authority have adopted the COBIT Framework Elevation of ICT to policy making level. E.g Some MPSAs and water utility companies have restructured their organizations and ICT functions and in addition, segregation of duties has been enhanced. 07 February 2014Specialised Audit Department10
11
Security Physical and environmental, logical and network controls have either been implemented or strengthened in institutions such as Road Transport and Safety Agency, Payroll Management Establish Control and water utility companies (billing systems). 07 February 2014Specialised Audit Department11
12
Audit Trail The LIMS, PMEC and NATSAVE have implemented audit trails. 07 February 2014Specialised Audit Department12
13
Change Management Implementation of documented Change Management procedures e.g. Ministry responsible for Finance (IFMIS), Zambia Revenue Authoriry (ITAS), University of Zambia and NATSAVE have documented and implemented change management procedures. 07 February 2014Specialised Audit Department13
14
Business Continuity Plans and Backup Procedures Development and implementation of the business continuity plans and backup procedures. e.g ZESCO Limited, Zambia Revenue Authority, University of Zambia, Ministry of Lands and NATSAVE Bank 07 February 2014Specialised Audit Department14
15
Recommendations that have been Issued by the Office that have improved the Acquisition of IT Services Alignment of IT Strategic Plan with overall Strategic Plan to ensure that acquisition of IT systems are in line with business objectives Establishment of IT Steering or Technical Committee to ensure good governance of the IT projects and resources 07 February 2014Specialised Audit Department15
16
Continued…. IT representation at the Decision Making Level to ensure that management recognizes IT opportunities and risks that exist in organizations operations. Clients/IT units entering into Service Level Agreements with end users and vendors to ensure services are delivered to desired expectations. 07 February 2014Specialised Audit Department16
17
Challenges The high costs associated with IT auditing training and tools, Inadequate awareness and appreciation of IT audits by some stakeholders and clients. 07 February 2014Specialised Audit Department17
18
Way forward Continuous IT training (both short and long term) Sensitization of stakeholders 07 February 2014Specialised Audit Department18
19
Conclusion With the above developments and the Offices close collaboration and coordination with INTOSAI, ISACA, Cooperating Partners and key stakeholders great strides have been achieved in IT auditing. The Office sensitization campaigns of Cabinet Ministers, Members of Parliament, Chief Executive Officers and senior Government officials has had an impact in promoting policy for IT improvement within the public sector in Zambia. 07 February 2014Specialised Audit Department19
20
Continued…. There has been a remarkable increase in the response rate to audit queries and management letters by Controlling Officers, Chief Executive Officers and Heads of Departments. The IT audit work plans have been executed timely and the audit reports produced, tabled and discussed by Parliament and most of the recommendations have been implemented by the clients. Our clients have appreciated our work such that they have invited us to be part of the technical committees responsible for Acquisition of IT systems and interviewing panels. 07 February 2014Specialised Audit Department20
21
Thank you 07 February 2014Specialised Audit Department21
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.