The Supreme Audit Office run a workshop on IT audit at the X EUROSAI Congress
The Supreme Audit Office (SAO) attended the EUROSAI Congress in Istanbul not only as a candidate for the next presidency. The SAO representatives also prepared a workshop on Two Controversial Issues Related to IT Audits for SAIs: i) Mandate for IT Audits and ii) Capacities of SAIs to Conduct IT Audits for the participants. Colleagues from the Slovenian and Polish SAIs, as well as representatives from AFROSAI-E gave their presentations and shared their experience at the workshop.
Before the Congress, the SAO auditors had designed an online survey, which 20 SAIs responded to. Among others, the results show that a SAI´s mandate to perform IT audit follows from the mandates to carry out performance audit, compliance audit, and financial audit as well. The answers also show that the most important issues which should IT audit deal with in accordance with ISSAI 5300 are based on performance audit. The SAO auditors presented their approach to IT audit and e-Government at the workshop. This area of audit has also demonstrated a certain development. Previously, it was connected to financial audit and legality audit of financial operations that were documented in accounting information systems. Today, services of public administration that provide or operate directly information systems under e-Government are more emphasized.
This change brings much better opportunities for IT performance audit. This type of audit is the only one that can answer a question whether the significant costs spent on IT systems bring the desired value for money. Thus, it is necessary that the SAIs are able to respond swiftly to the fast technological development. Only then they can focus their IT audits successfully on changing priorities in this area. The IT Governance belongs to the most important and most often audited areas. Also, the area of IT acquisition and operation, outsourcing, operating continuity plans, and cybersecurity are in this group of audit topics. The SAO´s experience is that performance audits focused on IT and e-Government bring concrete results such as better efficiency of public administration and higher quality of e-services.
One conclusion of the workshop was that SAIs have been challenged individually in areas such as using tools of Business Intelligence for a complex data analysis and/or carrying through risk analyses as regards cybersecurity. The importance of sharing information about the good practice and international benchmarking was also stressed at the workshop.
The outcomes of the workshop became a part of EUROSAI Congress´ recommendations formulated in so called Istanbul Declaration which corroborates the great contribution of the workshop. These recommendations comprise the necessity of strategic development of IT audit in each SAI on one hand and a call to make a stronger bond between IT and performance audit on the other hand.
Communication Department
Supreme Audit Office