1 / 21

Enhancing IT Governance: Achieving Value for Money in Zambia Government | Presentation Overview

Detailed insights on IT auditing, policies, challenges faced, and recommendations issued by the Auditor General's Office to improve IT services and governance in the Zambian government.

crewsj
Download Presentation

Enhancing IT Governance: Achieving Value for Money in Zambia Government | Presentation Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Office of theAuditor General – Zambia7th Performance Auditing Seminar of INTOSAI Working Group onIT Audit ‘Role of SAI's in Promoting Policy for IT Improvement & Value For Money’

  2. Presentation Overview • Background and evolution of computing in Government • Information Technology Auditing in OAG-Z • Adoption of Generally Accepted IT Policies in other Government Agencies • Recommendations issued by OAG and implemented by auditees • OAG Recommendations that have improved the process of Acquisition of IT Services • Challenges • Conclusion Specialised Audit Department

  3. Background • Information Communication Technology (ICT) in Zambia started in the 1980s. • Advancements in technology enhanced efficiency and effectiveness of business processes and service delivery. • Government implemented some systems Specialised Audit Department

  4. Background continued…… • Systems implemented were; • Payroll Management Establishment Control (PMEC) System • Land Information Management System (LIMS) • Revenue Systems (ITAS, ASYCUDA) • Transport Information System – Zambia Transport Information Systems (ZAMTIS) • Utilities System • Banking Systems - (National Savings and Credit Bank), and more recently; • Integrated Financial Management Information System (IFMIS) Specialised Audit Department

  5. Background continued……. • Initially, country had no appropriate policy to guide ICT in the country • Government later enacted: • Telecommunication Act of 1994 • Formulated ICT policy (in April 2006) • Information and Communications Technology Act of 2009 • The Electronic, Communication and Transport Act of 2009 Specialised Audit Department

  6. IT Auditing in OAG-Z • OAG-Z restructured in 2005 and established: • MIS section • IT Audit section • The IT Audits Section is responsible for carrying out information technology audits. • Produced seventeen (17) IT audits reports, out of which nine (9) have been tabled in Parliament. Specialised Audit Department

  7. Adoption of Generally Accepted IT Policies in Government Agencies • Adopted ISACA standards • Integrated auditing approach As a result: • The audit scope and recommendations have been enhanced. Specialised Audit Department

  8. Participation at meetings of international and regional groupings • Recommendations made resulted in clients making improvements to their systems or they have acquired and implemented new systems using these standards. • Realization of value for money for the clients’ operations. Specialised Audit Department

  9. What recommendations has the Office Issued on IT and seen Implemented • IT Governance • IT Security • Audit Trail • Change Management • Business continuity and backup procedures Specialised Audit Department

  10. IT Governance • Implementation of ICT Policy and Strategic Plans. e.g. The Ministry of Finance and the National Savings and Credit Bank • Adoption of internationally recognized standards e.g. ZESCO Limited, Zambia Revenue Authority have adopted the COBIT Framework • Elevation of ICT to policy making level. E.g Some MPSAs and water utility companies have restructured their organizations and ICT functions and in addition, segregation of duties has been enhanced. Specialised Audit Department

  11. Security • Physical and environmental, logical and network controls have either been implemented or strengthened in institutions such as Road Transport and Safety Agency, Payroll Management Establish Control and water utility companies (billing systems). Specialised Audit Department

  12. Audit Trail • The LIMS, PMEC and NATSAVE have implemented audit trails. Specialised Audit Department

  13. Change Management • Implementation of documented Change Management procedures e.g. Ministry responsible for Finance (IFMIS), Zambia Revenue Authoriry (ITAS), University of Zambia and NATSAVE have documented and implemented change management procedures. Specialised Audit Department

  14. Business Continuity Plans and Backup Procedures • Development and implementation of the business continuity plans and backup procedures. e.g ZESCO Limited, Zambia Revenue Authority, University of Zambia, Ministry of Lands and NATSAVE Bank Specialised Audit Department

  15. Recommendations that have been Issued by the Office that have improved the Acquisition of IT Services • Alignment of IT Strategic Plan with overall Strategic Plan to ensure that acquisition of IT systems are in line with business objectives • Establishment of IT Steering or Technical Committee to ensure good governance of the IT projects and resources Specialised Audit Department

  16. Continued…. • IT representation at the Decision Making Level to ensure that management recognizes IT opportunities and risks that exist in organization’s operations. • Clients/IT units entering into Service Level Agreements with end users and vendors to ensure services are delivered to desired expectations. Specialised Audit Department

  17. Challenges • The high costs associated with IT auditing training and tools, • Inadequate awareness and appreciation of IT audits by some stakeholders and clients. Specialised Audit Department

  18. Way forward • Continuous IT training (both short and long term) • Sensitization of stakeholders Specialised Audit Department

  19. Conclusion • With the above developments and the Office’s close collaboration and coordination with INTOSAI, ISACA, Cooperating Partners and key stakeholders’ great strides have been achieved in IT auditing. • The Office sensitization campaigns of Cabinet Ministers, Members of Parliament, Chief Executive Officers and senior Government officials has had an impact in promoting policy for IT improvement within the public sector in Zambia. Specialised Audit Department

  20. Continued…. • There has been a remarkable increase in the response rate to audit queries and management letters by Controlling Officers, Chief Executive Officers and Heads of Departments. • The IT audit work plans have been executed timely and the audit reports produced, tabled and discussed by Parliament and most of the recommendations have been implemented by the clients. • Our clients have appreciated our work such that they have invited us to be part of the technical committees responsible for Acquisition of IT systems and interviewing panels. Specialised Audit Department

  21. Thank you Specialised Audit Department

More Related