24 Meeting Minutes of 24th wgita poland

Minutes of the 24th Meeting of the INTOSAI Working Group on IT Audit (Warsaw, Poland, 29 and 30 June 2015)

Minutes

Download

The 24th meeting of the INTOSAI Working Group on IT Audit (WGITA) was held at Warsaw, Poland on 29 and
30 June 2015. The WGITA participants were also invited by SAI – Poland to participate in the joint activities of the WGITA and EUROSAI Working Group on Information Technology on 1st July 2015. The WGITA meeting was presided over by Mr. Shashi Kant Sharma, Comptroller & Auditor General of India and Chairman of the Working Group. The list of delegates who attended the meeting as members and observers are attached as Annexure. The proceedings of the 24th WGITA are as follows:

Agenda item No. 1: Welcome Address by Mr. Krzysztof Kwiatkowski, President of the Supreme Audit Office of Poland

Mr. Krzysztof Kwiatkowski, President of the Polish Supreme Audit Office welcomed all the participants and expressed his appreciation for the work of the group, particularly on the elaboration of the ISSAI 5300 standard. He was convinced that INTOSAI members were anxious to see the results of the meeting as this is the group that tries to address how auditors could catch up with the dynamic IT environment in their work. He also mentioned that the representative of SAI Poland is a member of similar EUROSAI group. Mr. Kwiatkowski complimented the Comptroller and Auditor General of India, Mr. Shashi Kant Sharma, who chaired the group, and wished all participants a fruitful meeting.

Agenda item No. 2 & 3: Opening remarks by Mr. Shashi Kant Sharma, Comptroller & Auditor General of India and Chairman, WGITA and adoption of Agenda of the 24th WGITA Meeting

Mr. Shashi Kant Sharma, Comptroller and Auditor General of India and Chairman, WGITA thanked the President of the Polish Supreme Audit Office and his staff, for the warm and generous hospitality. He also thanked them for the excellent
arrangements made for hosting the meeting in Warsaw. Mr. Sharma welcomed two new members
(SAIs of Georgia and Mauritius) and two new observers (ISACA and AFROSAI-E) to the Working Group. The Chairman, on behalf of all WGITA members, also thanked the SAI of Malaysia for shouldering the responsibilities of hosting and maintaining the website of WGITA.

The Chairman stated that the Working Group on IT Audit was constantly working to support SAIs in developing their capacity and skills in the audit of Information Technology by facilitating Knowledge Sharing and encouraging bilateral and regional cooperation. He mentioned that the present meeting would jointly review and discuss the progress made by the five IT Projects undertaken by the Working Group as per WGITA Work Plan (2014-2016). Mr. Sharma also intimated
that a survey for shortlisting IT projects for the next Work Plan of WGITA (i.e. 2017-2019) will be sent to all
members/observers by the end of August 2015.

Mr. Sharma further stated that in view of comments from various member SAIs and project team members on the preliminary draft of ISSAI 5300, the same will be redrafted and forwarded to WGITA members/observers in due course for approval through email communication. Thereafter, Mr. Sharma informed the participants about two new items of the agenda i.e. items no.
10 – Audit Management System and no. 14 – WGITA’s role in management of Big Data.

Afterwards, the Chairman placed the Agenda of the meeting before the Working Group, which was accepted without comments.

Agenda item No. 4: Update on website of the Working Group on IT Audit

Ms. Carolina Muyang Lileng made a presentation on the website of the Working Group (www.intosaiitaudit.org) and information that can be found there e.g. materials from the group’s previous meeting in Kuwait, IDI handbook as well as archived issues of “IntoIT Journals”.

Agenda item No. 5: Work Plan (2014-2016): Progress report on Project-1 titled “IT Governance”

Mr. Daniel Jezini from SAI – Brazil gave a presentation on the “Governance Evaluation Techniques for IT – GET. IT” which is part of the “IT Governance” project. He briefly explained basic details about his SAI and department
(SEFTI – Department of IT Audit) and also provided latest update on the GET. IT project i.e. its scope, approaches, history and next steps to be taken.

He informed that the first draft of the IT governance guide is ready and its more refined version will be sent for comments by the end of this year so that the complete product can be presented at the next meeting

Agenda item No. 6: Work Plan (2014-2016): Progress report on Project – 2 titled “Data Mining as a Tool in Fraud Investigation

A short introduction of SAI-South Africa and its mandate was given by Mr. Tobias Johannes Bruyns. He then presented the latest project timeline and described briefly the guide, its usage and status. The project team would finalise and submit the guide before 2016 WGITA for approval.

He also asked the participants whether they are willing to participate in a survey, his SAI wants to issue, to identify how data analytics is being used in different SAIs. In response to queries, Mr. Tobias clarified that the tool could be used at the planning stage on even before and that corruption is also included in the definition of fraud.

Agenda item No. 7: Work Plan (2014-2016): Progress report on Project-3 titled “Development of Standards for State Information Systems and Project Audit”

Mr. Andrey Abramov presented progress report of the WGITA project led by SAI of Russian Federation. He proposed to change the name of the standard as “Standard for State Information Systems” in view of the fact that the word Project is understood in their practice as a technical document determining the hard, soft and information components of the information system (IS) under development. He presented the current status of Standard for State Information Systems Audit. He explained the new ideas and visions that have been introduced by the project members during the course of the project. He then briefly shared the revised structure of the standard containing 10 domains.

Taking into consideration all the necessary adjustments introduced into the document i.e. its name, structure, content and correct wording of the text, he hoped that the result of the work will be produced by the end of this year.

After detailed discussions on the need for changing the project title and structure, it was decided that SAI-Russia could
complete the project as proposed by the end of the year and the same would be circulated to members for comments.
Adecision could then be made about the revised project title & structure.

Agenda item No. 8: Work Plan (2014-2016): Progress report on Project-4 titled
“Development of Data Interface Standard for Accounting Software”

Ms. Li Yang from SAI-China presented the progress report describing briefly the projects background, roadmap, the work done and the working draft of the document. Comments received from SAIs of India and Poland on the proposed working draft were also shared during the meeting.

It was decided that SAI-China will submit the final version of the draft document after considering the following remarks of participants –
(i) measures to ensure quality of data;
(ii) relationship between XBRL and XML format; and (iii) its applicability for
accounting systems and different levels of financial reporting.
SAI-China also confirmed
that the issue of whether it will be an open or licensed standard will be discussed further in the project team.

Agenda item No. 9: Work Plan (2014-2016): Progress report on Project-5 titled “Development of ISSAI-5300 on
‘Guidelines on IT Audits”

Mr. K. S. Subramanian from SAI-India gave an account of the activities completed on the project “Development of ISSAI 5300: Guidelines on IT Audits” since last WGITA meeting in Kuwaitin April, 2014. He stated that the Project Team had also finalised a detailed IT Audit Questionnaires aimed at generating a comprehensive database covering IT Audit practices, standards and manuals in use, etc. in order to determine the IT Audit related maturity and profile of SAIs world-wide. Till date, only 52 SAIs have responded to the questionnaires. Once completed, the Project Team would use the database for deriving required inputs for framing the ISSAI.

Mr. Subramanian also stated that the SAI-India Team had also prepared a skeletal draft of ISSAI 5300 in May 2015 which was circulated amongst all WGITA members/observers for comments/suggestions (if any) in June 2015. The project team however, proposed to revise the schedule in view of the fact that the project schedule approved by the KSC in October 2014 underestimated the multiple levels of approvals and endorsements required, as well as the complexity involved in arriving at a universally acceptable draft. The Project Team would now attempt to finalise the draft ISSAI and then seek approval of the exposure draft by the WGITA and the KSC through email exchanges.

After discussions, the Working Group approved the proposal for revision of project schedule and for seeking approval of the exposure draft from WGITA members/observers through email exchanges. The Group also agreed that the standard 5300 should be a concise document with reference to other INTOSAI products, as having a detailed self-contained standard would require frequent updates.

Agenda item No. 10: A brief report on the project ‘Audit Management System’

Mr. K. S. Subramanian from SAI-India briefly familiarized participants about the Audit Management System, its advantages, design features, implementation risk, etc. He stated that several commercial products are readily available in market. However, they are expensive and the products do not fully meet SAIs’ unique needs. He further stated that they are working in collaboration with the IDI for development of Audit Management System. A Survey/interview will be conducted in 2015 to identify/finalise requirements and detailed Work Plan for development/testing/rollout will be presented in 2016 WGITA. Mr. Subramanian also asked the participants whether they would be interested in software development on audit management system.

Mr. Pawel Banas of SAI-Poland promised to share the results of an EUROSAI project to finalise the requirements for development of such a software. It was decided that a survey would be sent by SAI-India within the next few months to ascertain the needs for the development of AMS.

Agenda item No. 11: Report of AFROSAI-E on cooperation with WGITA

Mr. Fredrick Bobo from AFROSAI-E made a presentation on AFROSAI-E’s cooperation with WGITA. He briefly described the background of the AFROSAI-E, their capacity building approaches, their Strategic imperatives from 2009, use of IT in Audit, strategic imperatives 2015-2019, etc. He then gave an account of its previous and current projects in the region as well as future plans and its cooperation with the WGITA. AFROSAI-E agreed to share the results of its survey on electronic working papers with SAI-India, WGITA Secretariat.

Agenda item No. 12: Report of ISACA on cooperation with WGITA

Mr. Thomas Lamm expressed his appreciation to all the participants and the institutions they represented, for their effort
to improve the shape of their governments and countries. He gave a brief presentation on the ISACA, its main areas of interest and its cooperation with the INTOSAI.

Agenda item No. 13: Report of IDI on cooperation with WGITA

Mr. K. S. Subramanian from SAI-India presented IDI report on cooperation with WGITA on behalf of IDI who participated in this meeting via teleconference. Mr. Subramanian described the WGITA IDI handbook, the capacity development program on IT
audit supporting SAIs in enhancing their IT audit capacity and the plans for the future cooperation with WGITA

Agenda item No. 14: WGITA’s role in management of Big Data

Mr. K. S. Subramanian from SAI-India started his presentation with the definition of big data and then he briefly described the process and aim of big data analysis, opportunities and challenges, etc. He stated that the WGITA could provide guidance on best practices that the SAIs could embrace to adapt their audit design procedures and methodologies to the changing order of big data environment. He further stated that the practical guidance could be made available to SAIs by WGITA on Digital Auditing, data Analytics and moving from sample to whole.

Agenda item No.15: Country Paper presentations and discussions thereon (Australia, Bangladesh, Iran, Japan, Malaysia
and Pakistan)

Another important role of the Working Group on IT Audit is to promote and share best practices and methods in Information Technology related audits and to facilitate exchange of information and experience. Accordingly, sixmember SAIs viz.
Australia, Bangladesh, Japan, Iran, Malaysia and Pakistan presented country papers on the following topics

(i) Improving Australian Government agencies’ ICT security posture (SAI-Australia)

Mr. Alex Doyle from SAI – Australia presented a country paper on “Improving Australian Government agencies’ ICT security
posture”. He stated that the Australian National Audit Office (ANAO) had conducted an audit examining several Australian Government agencies’ compliance with the information security requirements of the Protective Security Policy Framework (PSPF). The Performance Audit Report No. 50 of 2013-14 on “Cyber Attacks: Securing Agencies’ ICT Systems” was tabled in the parliament in June 2014. He also highlighted major audit findings from the report.

(ii) Initiatives by SAI – Bangladesh to implement IT audits (SAI-Bangladesh)

Mr. Md. Aftabuzzaman from SAI – Bangladesh gave a short presentation on the initiatives taken up by SAI-Bangladesh
to implement IT audits. He familiarized the participants with some basic facts about both Bangladesh and his institution. He also presented features of the IT Strategic Plan and Strategic Plan of SAI Bangladesh and details of the

ICT infrastructure in his SAI. He also stated that SAI – Bangladesh haddeveloped an IT Audit manual to guide the
audit teams in ensuring conduct of quality audit

iii) SANA, Electronic Auditing System (SAI-Iran)

Mr. Ali Rashidi briefly described the electronic auditing system called SANA. The SANA is regarded as one of the biggest projects of the state information technology, and it included six parts: Software, Data Center, Infrastructure, Training and Culture Making, Developing Working Principles, and Security and Connection Management. He stated
that SANA’s goal is to transfer all jobs that computers can do from human to machines in order to increase speed, precision, accuracy and comprehensiveness of monitoring and auditing, improve the availability of comprehensive information of auditees, facilitate the analysis of information by using CAAT techniques and automate processes of auditing (AMS).

(iv)Summaries of “shiteki” cases regarding “IT” in a recent audit report (SAI-Japan)

Ms. Kae Kobayashi from SAI-Japan madea presentation on “shiteki” cases regarding “IT” in a recent audit report of SAI of Japan. She explained the social-legal concept of the word “shiteki” (which literally means “pointing out”) and also
gaveexamples of such cases described in her SAI reports.

(v)IT Audit: Issues, lessons learnt and actions for a successful IT System implementation (SAI-Malaysia);

Ms. Carolina Muyang Lileng from SAI-Malaysia madea presentation on “IT AUDIT: ISSUES, LESSONS LEARNT AND ACTIONS FOR A SUCCESSFUL IT SYSTEM IMPLEMENTATION”. She shared an overview of technology development in the
Malaysian Public Service and described the experiences in IT audits of the National Audit Department of Malaysia’s (NADM). She highlighted some audit issues and lessons learnt as well as actions taken in order to successfully implement IT system.

(vi) Enhancing the Scope of Financial Audit using IT Audit Techniques (SAI-Pakistan).

Mr. Muhammad Ali Farooq Gheba from SAI-Pakistan madea presentation on enhancing the scope of financial audit using IT audit techniques. He explained the impact of IT environment in conducting Financial Audits. He also stated that the Financial Auditor needs to go beyond numbers and the IT Audit techniques plays a significant role in this change of perspective

All the above country paper presentations were appreciated by the members of the Working Group.
The Chairman expressed his gratitude to the SAIs of Australia, Bangladesh, Japan, Iran, Malaysia and Pakistan
for sharing their experiences with the Working Group.The Chairman also stated that that these presentations have been
enriching and educative.

Agenda item No. 16: Presentation on WGITA-IDI Handbook on IT Audit

Mr. Madhav Panwar from SAI-USA familiarized the participants with the WGITA-IDI Handbook on IT Audit i.e. its origins, what it is and how to use it, etc. He also presented aproposal for its update and asked for volunteers to join the project. He also informed about the e-learning course on the handbook hosted by IDI

Appreciating the utility of the Handbook, it was decided that the work of updating of the Handbook will be discussed further with IDI.

Agenda item No. 17: Discussion on preparation for the 25th meeting of WGITA

It was unanimously decided in the 22nd WGITA meeting held in April 2013 at Vilnius, Lithuania that the 25th
WGITA meeting would be hosted by SAI-Brazil in 2016. Accordingly, Mr. Vital Rogo Filho from SAI-Brazil gave an update on the preparations for the next meeting and invited participants to Brazil for the next WGITA meeting.
The Chairman thanked SAI-Brazil for their gracious offer to host the next meeting of WGITA and also for apprising
the members on the preparations for the meeting.

Agenda item No. 18: Discussion on venue for the 26thmeeting of WGITA

Mr. Shashi Kant Sharma stated that in order to identify host of the 26th WGITA meeting, the SAIs of Bangladesh, Georgia, Korea, Slovenia, Switzerland, UK, USA and Zimbabwe were requested to inform whether their SAI wishes to host the 26th
WGITA Meeting in 2017. In response, SAI-Korea has expressed their willingness to host the 26th meeting.
Mr. Sharma expressed his gratitude for SAI – Korea’s willingness to host the 2017 WGITA meeting.

The representative of the SAI of South Korea invited all the members of the WGITA and expressed his gratitude to the SAI-India for sharing its experience and practices with other members of the group.

Agenda item No. 19: Any other item for discussion with permission of the Chair

Mr. K. S. Subramanian from SAI-India reminded about the request of SAI of South Africa (Please refer to Agenda Item No.6)
to distribute a survey on data analytics among all the Working Group members. Since the survey could betime consuming,
it was agreed that SAI-South Africa would send the electronic version to the SAI of India who in turn will circulate it among the group. Mr. Tobias Johannes Bruyns thanked the participants for their willingness to take part in the survey and stated that he
is looking forward to receiving their feedback.

Agenda item No. 20: Closing Remarks and summing up

Mr. Krzysztof Kwiatkowski, President of the Polish Supreme Audit Office thanked participants for their involvement in the groups’ work and for two days of fruitful meeting. He also thanked the Chair for effectively organizing the workflow during the meeting.

Mr. Shashi Kant Sharma, Comptroller and Auditor General of India and Chairman, WGITA summarized the discussions at the meeting and thanked the participants for their presentations. He also expressed his appreciation to all members for the significant progress made during two days of hard work. He mentioned that the decisions taken during this meeting would guide the Working Group in achieving the objectives for which it was constituted. The Chairman also conveyed his gratitude to SAI-Brazil and SAI-Korea for agreeing to host the 25th and 26th WGITA meetings, respectively.

Mr. Sharma also thanked Mr. Krzysztof Kwiatkowski, President of the Polish Supreme Audit Office and his officers for
successfully organizing and hosting the 24th WGITA meeting and expressed his gratitude to all the members of the Group for their active participation and support to the proceedings. He also thanked the IDI, ISACA and AFROSAI-E for their cooperation with the Working Group.

**********************

Annexure

List of the participants

# Country Name Status
1. Australia Mr. Alex Doyle Member
2. Bangladesh Mr. Md. Aftabuzzaman Member
3. Bangladesh Mr.Masud Ahmed Member
4. Bangladesh Mr.Mohammed Maisur Mahmood Chowdhury Member
5. Bhutan Ms.Tshering Dema Member
6. Bhutan Mr.Jamtsho Member
7. Bhutan Mr.Tshering Wangchuk Member
8. Brazil Mr.Daniel Jezini Member
9. Brazil Mr. Vital Rogo Filho Member
10. China Ms. Xing Liu Member
11. China Ms.Li Yang Member
12. China Mr.Qiang Yin Member
13. Congo Mr.Anasthasie Kalubi Muamba Member
14. Congo Mr.Heritier Luyindamo Diavanga Member
15. Congo Mr.Beni Miantezila Sosani Member
16. Congo Mr.Dan Ziala Ziala Member
17. Ecuador Mr. Nelson Duenas Lopez Member
18. Ecuador Mr. Carlos Polit Faggioni Member
19. Finland Mr. Pasi Korhonen Member
20. Georgia Mr. Ivane Shavdatuashvili Member
21. India Mr.Shashi Kant Sharma Member
22. India Mr. K. S. Subramanian Member
23. India Mr. Kulwant Singh Member
24. India Mr. Anadi Misra Member
25. Indonesia Mrs.Ria Anugriani Member
26. Indonesia Mrs.Sylvia Ika Oktavi Member
27. Indonesia Mr.Agus Joko Pramono Member
28. Indonesia Mr.Rochmadi Saptogiri Member
29. Iran Mr. Gholamreza Bazgosha Member
30. Iran Mr. Ali Rashidi Member
31. Japan Mr. Hideki Fujii Member
32. Japan Ms. Kae Kobayashi Member
33. Kuwait Mr. Abdulaziz Alansari Member
34. Kuwait Mr. Faisal Alhaqan Member
35. Kuwait Ms. Rawan Alsubaie Member
36. Lithuania Mr. Dainius Jakimavičius Member
37. Lithuania Ms.Carolina Muyang Lileng Member
38. Norway Mr. Stig Folkvord Member
39. Norway Mr. Andreas Førde Member
40. Norway Ms. Magnhild Kaasin Member
41. Pakistan Mr. Muhammad Ali Farooq Gheba Member
42. Poland Mr. Paweł Banaś Member
43. Russia Mr. Andrey Abramov Member
44. Russia Ms. Elena Vasilieva Member
45. Slovakia Mrs. Zuzana Martincová Member
46. South Africa Mr. Tobias Johannes Bruyns Member
47. South Africa Mrs. Catharina Petronella Ferreira Member
48. South Korea Mr. Jinwon Ho Member
49. South Korea Mr. Changyu Kim Member
50. Switzerland Mr. Bernhard Hamberger Member
51. United States Mr. Madhav Panwar Member
52. Zimbabwe Mrs. Emily Dzinouya Member
53. Zimbabwe Mrs. Jemmima Muzamhindo Member
54. AFROSAI-E Mr. Fredrick Bobo Observer
55. ISACA Mr. Thomas Lamm Observer
56. ISACA Mr. Krishna Seeburn Observer
57. Malta Mr. Simon Camilleri Observer

Download Agenda