Скачать презентацию Experiences of the Audit Office of Lithuania Dainius Скачать презентацию Experiences of the Audit Office of Lithuania Dainius

0bae07d6d4244139738afe53c195bf7a.ppt

  • Количество слайдов: 9

Experiences of the Audit Office of Lithuania Dainius Jakimavičius Director Information Technology Department Experiences of the Audit Office of Lithuania Dainius Jakimavičius Director Information Technology Department

Why self-assessment ? IT Development Strategy (September 2002) • • main aspects for IT Why self-assessment ? IT Development Strategy (September 2002) • • main aspects for IT development until 2006 oriented more on technological potential, less on office needs Mid-sized office • • • over 300 working places (230 notebooks - auditors, 80 desktops – administration & audit management) 6 remote locations (branch offices) less posibilities for ad-hoc management 2

Objectives Introduce principles (practices ? ) of corporate IT governance by integration of the Objectives Introduce principles (practices ? ) of corporate IT governance by integration of the main office processes with IT processes as well as • • • increase awareness of the main office processes owners consolidating their inputs for IT development disclose the most important IT processes supporting the main office business processes set priorities for subsequent actions in the NAO 3

Findings PO 1 Define a Strategic IT Plan AI 1 15/18 2 Identify Automated Findings PO 1 Define a Strategic IT Plan AI 1 15/18 2 Identify Automated Solutions 14/18 2 DS 5 Ensure Systems Security 14/18 2 4

PO 1: Define a Strategic IT Plan Indicated Shortcoming: “Policy not known, no business PO 1: Define a Strategic IT Plan Indicated Shortcoming: “Policy not known, no business planning system”, Pilot LT NAO, October 2003 Actions: • • Clear Procedures & Priorities for Allocation of Resources (importance ranking: 10) Setting up Business Requirements 5

Enforcement (1) Establishment of LT NAO Strategic Management & Risk Management Commission (November 2003). Enforcement (1) Establishment of LT NAO Strategic Management & Risk Management Commission (November 2003). IT Management – among 7 most important risk areas Approval by LT NAO Council Implementation Plan of LT NAO IT Strategy (January 2004): • • IT Infrastructure Development System Policies & Procedures Business Software Remote access & direct links to NAO clients 6

Enforcement (2) Establishment of IT Management Committee (February 2004) - sharing responsibility for IT Enforcement (2) Establishment of IT Management Committee (February 2004) - sharing responsibility for IT development with owners of the main processes (auditors) Approval by LT NAO Council of outline of the new LT NAO information system (March 2004) Establishment of WG for elaboration proposals for development of future audit management and documentation system (May 2004) 7

Practical Hints Involvement of Head of SAI at the very early stage of self-assessment Practical Hints Involvement of Head of SAI at the very early stage of self-assessment – demonstrating importance of the issue Mixing auditors & IT professionals – corporate nature of IT management Closing seminar – summing up things to be done 8

Other Added Values Recognition of SAI by ISACA community (locally). Presentation of self-assessment to Other Added Values Recognition of SAI by ISACA community (locally). Presentation of self-assessment to the LT Chapter meeting (February 2004) Demonstrating IT awareness to SAI clients 9