Office of the Auditor General – Zambia 7th Performance Auditing Seminar of INTOSAI Working Group...
-
Upload
joseph-mcnally -
Category
Documents
-
view
218 -
download
0
Transcript of Office of the Auditor General – Zambia 7th Performance Auditing Seminar of INTOSAI Working Group...
Office of theAuditor General – Zambia
7th Performance Auditing Seminar of INTOSAI Working Group on
IT Audit ‘Role of SAI's in Promoting Policy for IT
Improvement & Value For Money’
1
Presentation Overview Background and evolution of computing in Government Information Technology Auditing in OAG-Z Adoption of Generally Accepted IT Policies in other Government Agencies
Recommendations issued by OAG and implemented by auditees OAG Recommendations that have improved the process of Acquisition of IT
Services Challenges Conclusion
April 2013 Specialised Audit Department 2
Background Information Communication Technology (ICT) in Zambia started in
the 1980s.
Advancements in technology enhanced efficiency and effectiveness of business processes and service delivery.
Government implemented some systems
10 April 2023 Specialised Audit Department 3
Background continued…… Systems implemented were;
Payroll Management Establishment Control (PMEC) System Land Information Management System (LIMS) Revenue Systems (ITAS, ASYCUDA) Transport Information System – Zambia Transport Information
Systems (ZAMTIS) Utilities System Banking Systems - (National Savings and Credit Bank), and
more recently; Integrated Financial Management Information System (IFMIS)
10 April 2023 Specialised Audit Department 4
Background continued…….
Initially, country had no appropriate policy to guide ICT in the country
Government later enacted: Telecommunication Act of 1994 Formulated ICT policy (in April 2006) Information and Communications Technology Act of 2009 The Electronic, Communication and Transport Act of 2009
10 April 2023 Specialised Audit Department 5
IT Auditing in OAG-Z OAG-Z restructured in 2005 and established:
MIS section IT Audit section
The IT Audits Section is responsible for carrying out information technology audits.
Produced seventeen (17) IT audits reports, out of which nine (9) have been tabled in Parliament.
10 April 2023 Specialised Audit Department 6
Adoption of Generally Accepted IT Policies in Government Agencies
Adopted ISACA standards Integrated auditing approach
As a result: The audit scope and recommendations have been enhanced.
10 April 2023 Specialised Audit Department 7
Participation at meetings of international and regional groupings
Recommendations made resulted in clients making improvements
to their systems or they have acquired and implemented new systems using these standards.
Realization of value for money for the clients’ operations.
10 April 2023 Specialised Audit Department 8
What recommendations has the Office Issued on IT and seen Implemented
IT Governance IT Security Audit Trail Change Management Business continuity and backup procedures
10 April 2023 Specialised Audit Department 9
IT Governance Implementation of ICT Policy and Strategic Plans. e.g. The Ministry
of Finance and the National Savings and Credit Bank
Adoption of internationally recognized standards e.g. ZESCO Limited, Zambia Revenue Authority have adopted the COBIT Framework
Elevation of ICT to policy making level. E.g Some MPSAs and water utility companies have restructured their organizations and ICT functions and in addition, segregation of duties has been enhanced.
10 April 2023 Specialised Audit Department 10
Security
Physical and environmental, logical and network controls have either been implemented or strengthened in institutions such as Road Transport and Safety Agency, Payroll Management Establish Control and water utility companies (billing systems).
10 April 2023 Specialised Audit Department 11
Audit Trail
The LIMS, PMEC and NATSAVE have implemented audit trails.
10 April 2023 Specialised Audit Department 12
Change Management
Implementation of documented Change Management procedures e.g. Ministry responsible for Finance (IFMIS), Zambia Revenue Authoriry (ITAS), University of Zambia and NATSAVE have documented and implemented change management procedures.
10 April 2023 Specialised Audit Department 13
Business Continuity Plans and Backup Procedures
Development and implementation of the business continuity plans and backup procedures. e.g ZESCO Limited, Zambia Revenue Authority, University of Zambia, Ministry of Lands and NATSAVE Bank
10 April 2023 Specialised Audit Department 14
Recommendations that have been Issued by the Office that have improved the Acquisition of IT Services
Alignment of IT Strategic Plan with overall Strategic Plan to ensure that acquisition of IT systems are in line with business objectives
Establishment of IT Steering or Technical Committee to ensure good governance of the IT projects and resources
10 April 2023 Specialised Audit Department 15
Continued….
IT representation at the Decision Making Level to ensure that management recognizes IT opportunities and risks that exist in organization’s operations.
Clients/IT units entering into Service Level Agreements with end users and vendors to ensure services are delivered to desired expectations.
10 April 2023 Specialised Audit Department 16
Challenges
The high costs associated with IT auditing training and tools,
Inadequate awareness and appreciation of IT audits by some stakeholders and clients.
10 April 2023 Specialised Audit Department 17
Way forward
Continuous IT training (both short and long term)
Sensitization of stakeholders
10 April 2023 Specialised Audit Department 18
Conclusion With the above developments and the Office’s close collaboration
and coordination with INTOSAI, ISACA, Cooperating Partners and key stakeholders’ great strides have been achieved in IT auditing.
The Office sensitization campaigns of Cabinet Ministers, Members of Parliament, Chief Executive Officers and senior Government officials has had an impact in promoting policy for IT improvement within the public sector in Zambia.
10 April 2023 Specialised Audit Department 19
Continued…. There has been a remarkable increase in the response rate to audit
queries and management letters by Controlling Officers, Chief Executive Officers and Heads of Departments.
The IT audit work plans have been executed timely and the audit reports produced, tabled and discussed by Parliament and most of the recommendations have been implemented by the clients.
Our clients have appreciated our work such that they have invited us to be part of the technical committees responsible for Acquisition of IT systems and interviewing panels.
10 April 2023 Specialised Audit Department 20
Thank you
10 April 2023 Specialised Audit Department 21