Auditing e-government

Similar documents
issue 22 October 2005 Why not visit the INTOSAI website: country profile

CHALLENGES (BARRIERS) IN ADOPTING THE ELECTRONIC COMMERCE SYSTEM IN LIC OF INDIA

Evaluation: A Canadian Government Priority Rafika Amira Danish Evaluation Society Conference 2007 Kolding, Denmark September 15, 2007

Measuring e-government

E-Government : Current Trends and Approaches

Renewing the Work Plan of the FPT DMs Table

Strategies and Framework for Government On-Line: A Canadian Experience

Pillar II. Institutional Framework and Management Capacity

Management Accountability Framework

On demand operating environment solutions To support your IT objectives Transforming your business to on demand.

Review of the management of data quality in the My Government of Canada Human Resources system. Office of Audit and Evaluation

Insurance Professional

Background Document on Oversight Bodies for Regulatory Reform

HM Award Submissions Strengths

JOB DESCRIPTION. Job title. Senior Procurement Manager. 2-year fixed term contract. Band 2. 52,312-64,208 per annum. Main purpose of the job:

Stamps and Registration Automation with Technology and Information (SARTHI)

E-Government - A Vision for New Zealanders

Dr. Hazri Kifle Faculty of Business, Economics and Policy Studies Universiti Brunei Darussalam

Consumerizing Service Delivery: Breaking Down Organizational Silos to Deliver Services to a Global, Mobile Workforce

Contributions Network in Mauritius

Introduction. SAI Independence Programme. Introduction. What does SAI. Independence. stand for? Independent SAIs make difference. Programme.

FURTHER INFORMATION SENIOR CIVIL SERVICE CHIEF EXECUTIVE DEPUTY DIRECTOR SCS 1 SCOTTISH FISCAL COMMISSION EDINBURGH/GLASGOW

Assurance Review Process - Lessons Learned

Utility of Analytics Analytics in India. Rajarshi Sengupta Deloitte Touche Tohmatsu December 10, 2014

Annual Governance Report. Union National Bank-Egypt. Compliance & Governance Department

Technical Cooperation Projects on E-government

INTERNAL AUDIT DIVISION REPORT 2018/105. Audit of strategic support to the global humanitarian inter-agency coordination mechanisms

Keynote Address by Mr Lam Chuan Leong, Chairman, IDA. Singapore. At the 36th ICA Conference. "Innovating and Transforming Government Through

Information Technology Services Project Management Office Operations Guide

ARCHIVED - Evaluation Function in the Government of. Archived Content. Centre of Excellence for Evaluation Treasury Board of Canada Secretariat

DEPARTMENT OF TELECOMMUNICATIONS AND POSTAL SERIVCES: NATIONAL E- STRATEGY AND ICT SMME SUPPORT STRATEGY

E-Governance in Higher Education: Issues & Challenges

NSW DIGITAL GOVERNMENT STRATEGY. digital nsw DRIVING WHOLE OF GOVERNMENT DIGITAL TRANSFORMATION DESIGNING IN OUR NSW DIGITAL FUTURE

Competency Framework For the HR Profession Developed by the Singapore Human Resources Institute

Digital experiences in government: the need for speed.

E-Government Applications in Latin America: An overview

SINGAPORE. ICA 36th CONFERENCE Singapore, October Introduction

Moving to a Service-Oriented Architecture

Assessment of the Capability Review programme

GOVERNMENT OF YUKON POLICY 1.13 GENERAL ADMINISTRATION MANUAL

REFIT Platform Opinion

Help Sheet 1: Legislative Processes in the United Kingdom

Summary. The nature and scope of accounting officer appearances

CAPABILITY PROFILE. Move the Digital Way

How to Create Successful Shared Services Using Northern Ireland's Enterprise Shared- Service Best Practices

CSC Australia Response to ICT Procurement Taskforce Consultation Department of Prime Minister and Cabinet

Formulation and Implementation of Service Charter. By Mallam Danjuma Usman SERVICOM Office, Presidency (+234) ;

Supporting e-government Progress in the United Arab Emirates

JOB DESCRIPTION. Manager Service Management Technical Systems & Proposed band. Job family

PAS 181:2014. Smart city framework Guide to establishing strategies for smart cities and communities. Executive summary.

King IV Sector Supplements - Public Commenting

Modern Registration Division

Solution Pathway Series. Applying Microsoft tools to support the full life cycle of Grants Management

Standards for Excellence Program Organizational Self-Assessment Checklist

Advanced Performance Management for Government

NOT PROTECTIVELY MARKED. HM Inspectorate of Constabulary in Scotland. Inspection Framework. Version 1.0 (September 2014)

CONSULTING EXCELLENCE

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Performance Measurement. Prepared by: Audit and Assurance Services Branch

Assistant Deputy Minister, Health Workforce Planning Compensation and Beneficiary Services Ministry of Health Victoria

Technology evolution. Managing the risk in four key areas

The Law Society Executive Director of Member Experience. Appointment Brief

VACANCY ANNOUNCEMENT

Government Going Digital: How being always on affects public services

Office of the Minister for Government Digital Services and Minister of Broadcasting, Communications and Digital Media

Communications Strategy

Chair Cabinet Committee On Government Expenditure and Administration NEW ZEALAND E-GOVERNMENT INTEROPERABILITY FRAMEWORK (NZ E-GIF)

wipro.com Beyond Business as Usual: Enterprise Architecture for Governments of the Future

Republic of Malawi ANNEX 1: PUBLIC SECTOR MANAGEMENT POLICY IMPLEMENTATION PLAN

Business Strategy

Citizen Centric Service Delivery through e-governance Portal

E-government in the Belgian social sector coordinated by the Crossroads Bank for Social Security

The 10 Characteristics of Successful Multi Academy Trusts

Insurance Carrier Core Systems in the Cloud. A Novarica Research Partners Program Report Underwritten by OneShield Software

ASSESSING JUDICIAL BRANCH EDUCATION GOVERNANCE

The purpose of the research: the implementation of legislative principles

Customer service. Chartered Institute of Internal Auditors. 26 October What is customer service? 1 Chartered Institute of Internal Auditors

COUNTY OF SAN JOAQUIN STRATEGIC DIRECTION FOR INFORMATION TECHNOLOGY

10/02/2017 Version pptx. 1

THE DIGITAL FIRM: ELECTRONIC COMMERCE AND ELECTRONIC BUSINESS

SUBMISSION ON RANKING MARCH 4, 2002 MMSD DRAFT REPORT CHAPTER 16 SUGGESTIONS

Public Internal Control Systems in the European Union

How Circeo runs online Retail Loan Factory for Banks from IBM Cloud

APPOINTMENT OF HEAD OF REGULATION

Deputy Minister Profile

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015

Which is Best for Us? Top Down, Bottoms Up, or Middle Out

Business Partnering Skills and Capabilities Model Electrocomponents - Case Study

INSERT YOUR COMPANY LOGO/NAME HERE

Initiation Report Inland Revenue Transformation Plan project

GLOBAL FINANCIAL MANAGEMENT PARTNERSHIP TERMS OF REFERENCE FOR THE EVALUATION OF DGF-FINANCED PROGRAMS

E-Governance: Bangladesh Perspective

BUSINESS PLAN

IT Service Provider and Consumer Support Engineer Position Description

TOTAL ANALYTICS POWERED BY TOUCHÉ FOCUSED BUSINESS ANALYTICS

NATIONAL BANK OF FUJAIRAH THE GOVERNANCE FRAMEWORK OF THE BOARD OF DIRECTORS

WINSOR II AMBER RECOMMENDATIONS METROPOLITAN POLICE FEDERATION COMMENTS

Introduction. Summary

Transcription:

8 into IT Auditing e-government Life-cycle risks and setting up a database Biography Erna Lea is a Deputy Director General at the Office of the Auditor General of Norway (OAG). She has a degree in economics from the University of Oslo, and has been with the OAG since 1986. Her dealings has been with financial audit and questions related to the remits of the Ministry of Finance, Ministry of Labour and Social Affairs and Ministry of Education and Research. Since 2003, she has been coordinating the INTOSAI IT-Committee Task Force s work on Auditing e-government. Background At its 11th Meeting, held in New Delhi in November 2002, the INTOSAI Standing Committee on IT Audit agreed that e-government posed new risks and challenges for auditors as well as Governments, and that these should be investigated with a view to issuing guidance and sharing best practice in this area. A task force was set up with participation of the SAIs of the United Kingdom, the USA, Canada, Sweden and chaired by Norway. The first stage of the project was presented in the report Auditing e-government submitted to the Committee at its 12th Meeting in Oslo 2003. The report was based on a survey of all SAIs to establish trends and developments worldwide, the aim being to identify common issues and problems for further discussion and investigation. The report also proposed further work in the e-government area aimed at meeting the main risks and challenges identified by the SAIs in the survey: Sharing lessons, information and knowledge on e-government; Developing audit methods and audit perspectives on e-government. Training and education; Joint (concurrent/cooperative) international audits. The survey showed the need to focus on work that did not depend on a SAI s level of maturity in auditing e-government, and which would provide a sound basis for more in-depth work at a later stage. At the IT-Committee s 14th meeting last April, the task force submitted a report aimed to meet these needs. It produced a detailed look at the life cycle of e-government programmes and projects and at the risks associated with each phase. It also proposed a database of reference material on the IT-Committee s web-site where SAIs could share audit methods and perspectives on e-government. For the database to be a success, it is important for all SAIs to submit their relevant work to populate the database. By doing so, they will provide information for the Committee to take up more in-depth work later on.

into IT 9 for reference material Scope and definition The design of this work has been to cover areas that were of particular relevance to e-government, rather than to IT in general. The focus was on services, management, technical solutions, legal and audit risks that relate to the delivery of e-government services and solutions. The report Auditing e-government included a definition of e-government, a description of the levels of e-government service maturity, and an outline of the main challenges and risks they pose as they had been presented for the SAIs in the conducted survey. Given the broad perspective of an SAI s work in the public sector, the definition of e-government was selected to be: e-government is the online exchange of government information with, and the delivery of services to, citizens, businesses and other government agencies. Life-Cycle risks in e-government Introduction E-Government is said to have the potential to transform the way that governments operate. Some countries and agencies have not yet started to transform services into e-services, while others are working with their visions, demands, and capabilities to develop e-government services. Some countries and agencies have progressed quite far along the road of delivering sophisticated e-services. But the road leading to a seamless e-government is not an easy one. There are many risks involved, which if they mature will have a detrimental impact on the economy, efficiency, and effectiveness of e-government investments. In the report Auditing e-government, we identified three broad risk areas: Risks related to initiating and supporting e-government investment proposals; Risks related to implementing (developing, running, delivering, and maintaining) e-government services; Risks related to the consequences (value for money, effectiveness) of performing e-government services. It is crucial for countries and agencies to identify the risks they face in developing their e-government services, and to develop appropriate strategies for managing them. E-Government systems have different characteristics from internally focused, closed information systems. E-Government solutions are open systems and are exposed to more and different risks from traditional systems. The widespread use of technology provides new challenges to governments, organizations and auditors. Such widespread distribution increases the need to provide security, control, and privacy, and there are already many examples of failure to do so, both in the public and private sectors. Auditing e-government is in many ways similar to auditing other areas including IT-systems and projects. The practical experiences of task force members in conducting audits in e-government made it clear that rather than focusing on producing specific checklists which would include methods for use in related areas, it would be more useful to focus on issues and risks to be specifically aware of when considering the development of e-government services. It should provide guidance so that SAIs can prepare their own checklist to examine those risks specific to the project or programme they are auditing and to judge whether they are being appropriately managed.

10 into IT Life-Cycle in e-government The life cycle of e-government projects is a continuous circular chain of activities, divided into four phases: Initiation, Planning and implementing, Operations and Monitoring. Initiation This is the phase in which Governments first articulate their intention and vision which ultimately will lead to Service Transformation. If Service Transformation is the ultimate outcome of the Life Cycle Process, Initiation will be the very beginning. It is articulated in a vision statement a statement of intent of the Government to embark on this journey. It is perhaps the most important phase, as all other subsequent phases will depend largely on the clarity and realism that is incorporated in the first phase. The boundaries of e-government systems, the services to be provided, the resources necessary for planning and implementation, operations and monitoring would be defined in this phase. Planning and implementing Typically, human and financial resources are two most important factors that contribute to success. Applications must be deployed to provide the services specified, but also at the right time, so that user take-up is optimized. Change management is another important issue in this phase. Typically, again, several applications can be developed simultaneously ranging from the simple to the extremely complex. Getting rid of silos and allowing sharing of information is one of the goals of e-government, and coordination to ensure inter-operability is another concern. This and issues of technology, user friendliness, availability, scalability, ownership and pricing of services will dominate this phase. Operations The operations phase has two objectives. The first is reliable day-to-day operations and the second is the progressive integration of systems to achieve service transformation. Monitoring Monitoring relates to optimization of services. E-government projects can take a long time to permeate. Confidence of users to transact business through the impersonal machines does not come easily. It needs strong day-to-day monitoring. Building up the services, capturing and resolving customer feedback are prime concerns during the monitoring phase. Monitoring Operations e-government Project Life-Cycle Initiation Planning and implementing

into IT 11 The Issues Within each phase of the life-cycle we have addressed the issues that were identified as the main challenges and risks to e-government, during the work with the last report Auditing E-Government. By doing so, we also saw a need to identify different risks depending whether they were related to a state and government level or a department level. The issues and risks are therefore sorted accordingly within the four phases of the life-cycle. Addressed issues within the four phases sorted on levels Life-cycle phase Level Issues Initiation State or government Vision Strategic objectives Political will and context Country readiness Department Vision Objectives Strategy Strategic management Horizontalization/ Justification Cross cutting Readiness of the Customer segmentation/ organizations and Identifying potential users their users Ownership Planning and State or government Visions and objectives implementation Department Planning Funding/Budget Technological Issues Requirements Process reengineering Security and privacy Interoperability Project Development Cycle User system Manage changes Clustering of services Take up Operations State or government None Department Service management Open complex systems Culture and awareness Security and privacy Risk management Data management Ownership Performance Monitoring State or government Performance measurement Follow up Department Performance measurement Auditing Assurance Assessment of internal controls

12 into IT Selected risks The Task Force has identified approximately 170 risks, based on its own experience and reports from SAIs. The risks are not presented in any priority order and the same risk may occur at different governmental levels. As more SAIs gain experience, risk factors will need updating. The full listing is too long for an article like this but is included on the website at http://www. intosaiitaudit.org/bhutan/agenda-item-4-sai- Norway.pdf. As a taster we include just the first section covering the risk factors at the State level in the Initiation phase. Initiation State and government level Issues Vision Strategic Objectives Political Will and Context Descriptions E-Government is said to have the potential to transform the way that governments operate. E-Government investments are often proposed by Cabinets and Parliament. Cabinets also give orders or directives to specialist agencies/departments to develop different kinds of e-government support mechanisms, such as standards to be used in the development of e-government. Successful management requires significant cultural and organizational change, such as strong political leadership stretching across departmental boundaries, complex governance structures, multi-level funding, and communications and relationship skills extending beyond that which a single organisation project requires. Of foremost importance is a vision statement reflecting the determination of the Government to support e-governance. A vision statement is not a political statement but underlines the political will to see through change and face the challenges including those of failure. Such a statement gains credibility when it emanates from the Head of the Government. The imperatives for implementing major e-government programmes should focus on clearly defined strategic objectives agreed by the major stakeholders. There must be appropriate levels of leadership and ownership (perhaps involving an overseeing department and ministerial responsibility). Country readiness A country s readiness considers issues such as technological infrastructure, educational level, laws and regulations and skills in implementing e-government solutions.

into IT 13 Risk Factors Vision Lack of vision, unclear vision or a vision that is not really a vision (e.g. objective). A vision statement can be a political slogan. A vision statement can be a sincere statement but not supported by other requisites like commitment of funding or other resources. Political Will and Context Political will is lacking. Even when political will is there, it may not be an informed one and hence the support that is necessary at the right time may not be forthcoming. In a situation of political flux, a vision statement, even by the Head of the Government may not carry conviction. In democracies with quick changes in the government, the political will may not represent a long-term commitment. A vision statement may not reflect the capability of the Government including bureaucracy s capacity to manage change. Political risks created by or tied to unclear demands, requirements, e-policies, and strategies from Parliament and Cabinet. Absence or inadequacy of a central body playing a strategic role at federal, central or local level bear the risk of uncoordinated planning and introduction of e-government services. If design and implementation of systems are left to individual agencies, technologies such as electronic signatures might not be implemented as such a solution might not be profitable for one agency alone, but could be profitable for the public sector as a whole. The human capital that is required to make the e-governance successful in the long term may be yet to be developed. In many countries, one of the most important technological issues can be related to the human capital one. When such projects are implemented by multi lateral donor agencies, the hardware and software may not be widely used and hence the human capital needed to support the services in the long run (e.g. hardware repair) may not be available thus jeopardizing the survival of the system. Visions can be driven by external pressures like international funding agencies, or to gain temporary political mileage in the face of a dissatisfied populace. Strategic Objectives Lack of objectives. Unclear objectives. Objectives that cannot be measured. The Government may go for major e-governance system without a proper technical infrastructure. The Information and Communication Technology (ICT) infrastructure among citizens may be too low. Internet accessibility may be too low to make any web based services useful. Services may be offered to such section of population which have the least access to or expertise in using computers (old age pension, welfare schemes for the disadvantaged).

14 into IT Database Introduction At the first meeting of the Task Force in February 2004, it was agreed to incorporate all three projects in a database made available to all SAIs through INTOSAI s web-site. Collecting e-government materials from SAIs and others in project 1 and 3 showed the need for engaging the contributors of the materials the SAIs themselves in submitting their own reports into the database. The work of the Task Force would thus be to set up the database for material retention, devise a template to ensure the database is populated consistently and formulate and agree keywords to provide a search capability. It was also decided that the database was to be set up so as to allow expansion for future use for other materials and projects in this area. As SAIs submit reports and gain more experiences in auditing e-government, the database enables us to make use of this material to develop further audit methods and perspectives. To make this a useful tool in exchanging scopes, audit criteria and experiences of SAIs and governments in developing e-government, it is essential that every SAI engage in submitting relevant material. The database The database is at http://www.nao.org.uk/intosaipd/ default.asp The user can see a full list of the reports on the database. Filters allow the list to be viewed by SAI, Author, Category or Keyword. Each report in the database may have only one SAI sponsor, only one Category but any number of keywords. The SAI, Author, Category and Keywords are assigned as the report is entered onto the system. Keywords can also be amended subsequently.

into IT 15

16 into IT Keywords When submitting a report or document for inclusion in the database the sponsoring SAI must provide a summary of the report by using a fixed set of keywords (currently 106). Based on the risks in Section 2 above, these keywords facilitate searching the database. Keywords that apply to the document need to entered at the time the document is submitted to NAO for entry into the database, but they can also be assigned subsequently.

into IT 17 List of keywords Acceptance Justification Diagnostic Service Cluster Assessment Laws and Regulations E-forms Service Transformation Assurance Legacy Systems E-Government Skills Auditing Legal Issues E-learning Stakeholders Awareness Legal Risks E-mail Strategic Management Benefits Life Cycle Equitable Strategy Capacity Manage Changes Functionality Streamline Competencies Managing Data Gateway Success Factors Confidential Data Measurable Targets Government On-Line Take Up Configuration Management Measurement Information highway Target Reach Credit Card Monitoring Integrated Training Cross Cutting Objectives Interactive Users Culture Operations Intrusion detection Vision E-governance Ownership Links Vision Statement Electronic Services Performance On-line Web-enabled E-Policies Planning On-line payment Wireless Experience Political Will On-line service Feasibility Study Privacy On-line text Follow Up Process Paths Framework Process Re-engineering Personal Digital Assistants Funding Project Development Personal information Horizontal Integration Quality Criteria Points of access Human Capital Readiness Portal Implementation Accessibility Resistance Infrastructure Authentication service Resources Initiation Citizen-centred Risk Assessment Internal Controls Client satisfaction Risk Management Internet Accessibility Client-centred Roadmap Interoperability Common look and feel Secure Channel Consent Security Cross-reference

18 into IT

into IT 19 Submission template When submitting a report or document for inclusion in the database, the sponsoring SAI must fill out a template with the required information on: which SAI is submitting category of paper publication date contact number and e-mail of person submitting document address publication summary file reference keywords Challenges ahead Work on establishing the life-cycle risks and devising the database, shows that whilst there is a wealth of information about e-government there is relatively little SAI experience in auditing e-government, or that information has not been available to the task force. The established database will allow SAIs to submit reports for inclusion in the database and thus enable the IT Committee to make use of this material to develop further audit methods. The identified and selected list of risks related to the life-cycle of e-government, will be in need of updating as more experience is gained. The task is assigned to a member of the task force. Setting up the database has been the responsibility of the Task Force, with the SAI of UK handling the technical solution and the database administration and maintenance. The database is designed to be expanded to incorporate other projects in the area as the IT-Committee takes them up. To make this database a useful tool in exchanging scopes, audit criteria and experiences of SAIs, it is essential that all SAIs in the next phase contribute to populate and make use of the database. A letter of invitation to do so was forwarded to all SAIs from the Chair of the IT Committee, the SAI of India, in June this year. The contributions will in addition to be of use to all SAIs, and give the IT Committee information to do more in-depth work in this area.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback