EUROSAI. Magazine N21 - 2015

EUROPEAN ORGANISATION OF SUPREME AUDIT INSTITUTIONS REPORTS OF EUROSAI GOAL TEAMS, WORKING GROUPS, TASK FORCE AND MONITORING COMMITTEE 32 www.eurosai.org · N.º 21 - 2015 6. Enhance IT potential of SAIs, which will be realised by organisation of trainings focused on methodological framework and enhancing IT auditing skills. Concurrently, selfassessment exercises are being promoted in order to encourage SAIs to refine their IT organisation and make IT related audits more widespread and effective. The WGIT’s work plan is realised through the following projects and activities describing progress and next steps: Feedback on IT related Standards and Guidelines By the end of July 2015 the exposure draft of a new INTOSAI auditing standard, ISSAI 5300 was presented. The final version of the standard will include general principles of IT audit and will provide a platform for framing more specific guidelines, like the already existing ISSAI 5310 on Information Security Management Review. During the 10 th meeting of WGIT, participants were involved in the development of ISSAI 5300 by adding its comments, remarks and observations which were sent to the INTOSAI Working Group on IT Audit. Control Space of E-government (CUBE) CUBE is a tool meant to facilitate audits of e-government, co-ordinated by Polish NIK. It is intended to be an “intelligent” internet database of e-government audit reports from various SAIs’. The idea is not only to gather interesting resources of information but also to provide them together with analysis – classifying topics, management functions, risk cases and projects’ goals. Its development philosophy is agile – you can use it ( egov.nik.gov.pl ) but new functionalities are invented and added step by step. The CUBE as an analytical and presentation tool is open for cooperation with other projects. IT Self-assessment (ITSA) The IT Self-Assessment project is co-ordinated by the Swiss Federal Audit Office. It is and IT governance instrument which takes the form of a workshop with participants from IT and user sides at various levels. Workshop participants assess the quality of current and future support of business processes by IT. The approach allows for a focussed and pragmatic solution definition. An ITSA is led by a moderator who comes from another SAI. After the presentation of the ITSA results to Executive Management, the most important part begins: the refinement and implementation of the suggested actions. During last year several ITSA workshops have been carried out. The detailed plan of the future ITSA workshops was agreed on July 2015 in Warsaw. IT Audit Self-Assessment (ITASA) The IT Audit Self-Assessment project is also co- ordinated by the Swiss Federal Audit Office. The approach of workshops allows for a focussed and pragmatic solution definition. An ITASA is led also by a moderator who comes from another SAI. Workshop participants assess current and future maturities of the IT audit function. As in ITSA, after the presentation of the ITSA results to Executive Management, the most important parts begins: the refinement and implementation of the suggested actions. Since 2014 the workshops devoted to ITASA in the National Audit Office of Estonia and the Court of Audit of Belgium haven been conducted. The EUROSAI IT Working Group continues to promote ITSA and ITASA tools outside EUROSAI. As a result, e.g. an ITSA workshop has been carried out in the Court of Audit of Algeria. Parallel and Joint Audits A parallel audit on Biometric Passports was carried out in 2014. This audit was performed in six different countries: Belgium, Latvia, Lithuania, Norway, Portugal and Switzerland.